Segregating WAN traffic to provide public internet access from a central location

We provide wireless internet in public areas in every office. For this purpose we provide cable internet, DSL, or dedicated T1 circuits. To save money and better control this traffic, we want to direct that traffic back through our headquarters' internet circuits. To do this we need a way to segregate this traffic on our WAN links for security and to keep it from overutilizing our WAN.
VRF and tunnels seems to be the answer.

Cisco Design Guide
Good Overview


This will be an interesting project. putting an ISA server in a DMZ and pointing it to a front end Sharepoint sever.
Some good design links on technet:

DMZ Architecture


high availability


Some of our VM's still have the little ".flat" file that points to the real .vmdk file. It is bad when that file goes away.

Free utility to rebuild the descriptor file: