adding a hop

I'm adding a router hop (for policy-based routing) to my network and have a few questions...

First, the old config:

T1-router-A
     |
     |
ASA-firewall
     |
     |
  -------
  |     |
 LAN   DMZ

Instead of trying to make up ip addressing schemes for this exercise, let me just label the interfaces this way:

T1-router-A  [NET_1]
ASA-firewall [NET_1, NET_4, NET_5]
LAN          [NET_4]
DMZ          [NET_5]

Now, the new config:

T1-router-A     T1-router-B
     |_______________|
             |
             |
        PBR-router
             |
             |
       ASA-firewall
             |
             |
          -------
          |     |
         LAN   DMZ

T1-router-A  [NET_1]
T1-router-B  [NET_2]
PBR-router   [NET_1, NET_2, NET_3]
ASA-firewall [NET_3, NET_4, NET_5]
LAN          [NET_4]
DMZ          [NET_5]

For simplicity, let's just say that all LAN clients will be routed through T1-router-A and all DMZ clients will be routed through T1-router-B. Currently, the ASA performs all translations from NET_4 to NET_1; some clients have statics, others don't. Since I'm putting in the PBR-router, it adds a hop, so the ASA can't keep the same translations, right? Do I have to translate twice now? ASA will translate from NET_4 to NET_3 and the PBR will translate from NET_3 to NET_1? Is there a simpler way of doing this?

PL

You shouldn't have to do any additional NAT translations. I'm assuming that currently, you are using public IPs from the same subnet for your links between the T1 router and the firewall.

Just move the IP on the first T1 router to the interface on the PBR router that connects to the firewall. Assign any /30 IP blocks you want to the links between T1A and T1B and the PBR router (I'm assuming you're using separate interfaces). Put static routes in the T1 routers pointing the public NAT to the PBR router outside interface and also one in the PBR router pointing to the outside firewall interface.

The original config is easy because the T1 router knows how to get to the LAN because it is a connected route. Since they won't be connected anymore, you'll have to use statics.

p_teatreeoil
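What the suggestion above looks like on the PBR router, in Cisco IOS syntax, as an added example that is not the poster's configuration or anything from the thread. All addresses are assumptions drawn from the RFC 5737 documentation ranges: 192.0.2.0/24 stands for the public block the ASA already translates into (NET_3, with 192.0.2.1 being the address moved off T1-router-A and 192.0.2.2 the ASA outside interface), 203.0.113.0/30 and 198.51.100.0/30 are the new /30 links to T1-router-A and T1-router-B (NET_1 and NET_2), and the LAN and DMZ translations are assumed to come from 192.0.2.16/28 and 192.0.2.32/28 respectively. Interface names, ACL names and the route-map name are likewise made up for the example.

```cisco
! PBR-router (Cisco IOS syntax). Added example with assumed addresses,
! not the poster's configuration.
!
! NET_3: the public block the ASA already translates into. 192.0.2.1 is
! the address moved here from T1-router-A; the ASA outside stays 192.0.2.2
! and its default route and NAT rules are untouched.
interface GigabitEthernet0/2
 description NET_3 - to ASA-firewall outside
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map PBR-BY-SOURCE
!
! NET_1 / NET_2: new /30 links to the two T1 routers (assumed values).
interface GigabitEthernet0/0
 description NET_1 - to T1-router-A
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 description NET_2 - to T1-router-B
 ip address 198.51.100.2 255.255.255.252
!
! Packets have already been translated by the ASA when they reach Gi0/2,
! so the policy matches the PUBLIC addresses the ASA hands out, not
! NET_4/NET_5. Assumed: LAN statics and PAT pool in 192.0.2.16/28,
! DMZ statics in 192.0.2.32/28.
ip access-list extended LAN-TRANSLATED
 permit ip 192.0.2.16 0.0.0.15 any
ip access-list extended DMZ-TRANSLATED
 permit ip 192.0.2.32 0.0.0.15 any
!
! Only steer to T1-router-A while it answers pings; otherwise fall
! through to the routing table (the failure case Merv raises below).
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
route-map PBR-BY-SOURCE permit 10
 match ip address LAN-TRANSLATED
 set ip next-hop verify-availability 203.0.113.1 10 track 1
route-map PBR-BY-SOURCE permit 20
 match ip address DMZ-TRANSLATED
 set ip next-hop 198.51.100.1
! Anything unmatched (e.g. traffic from the ASA outside address itself)
! is routed normally.
!
! Normal table: default via T1-A, floating default via T1-B if track 1 fails.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! The translated addresses sit inside the connected /24, so the ASA
! proxy-ARPs for them and no static toward the ASA is needed here.
! Only if the ASA translated into addresses outside that /24 would you add
!   ip route <block> <mask> 192.0.2.2
!
! On T1-router-A (and likewise on T1-router-B via 198.51.100.2):
!   ip route 192.0.2.0 255.255.255.0 203.0.113.2
```

Two things the config does not solve on its own. First, `ip policy` only steers packets entering Gi0/2; replies from the Internet arrive on whichever T1 the remote side's routing chose, so the paths are asymmetric by design and the ASA never sees the difference. Second, DMZ traffic sent out T1-router-B still carries 192.0.2.x source addresses that belong to ISP A's routed block, so ISP B has to agree to carry and route them; that is exactly the question PL raises further down, and the answer there (static routes on both ISPs, or BGP) is what makes this split work.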

Why would you not just connect T1-router-A to T1-router-B directly and hand off whatever traffic you want by configuring policy on A?

Merv

Is the new T1 going to your current ISP or a new ISP?

Merv

That is a great idea, hasn't occurred to me. Sometimes you just need a fresh pair of eyes to see the obvious... Thanks.

PL

With two T1 circuits you will also want to consider what happens to your traffic in the event of a failure of each of these T1s.

Will the new ISP carry the traffic that currently only goes to your present ISP in the event of that ISP's T1 failing?

Which then of course brings us to the question of which routing protocols to use now between you and your ISPs.

Ideally you can get both ISPs to advertise default to you via BGP, and you can announce your networks to both ISPs via BGP.

A little bit of planning to do here...

Also, during a maintenance window I would encourage you to fail each T1 and see if all of your traffic flows on the other T1.

Merv

Got it, thanks for the explanation, makes sense. One question, is the static on the PBR required? The PBR has an interface that's assigned one of the IPs that are part of my public block, so it's a connected route, no?

Also, I just found that the new ISP does not actually provide a T1 in the traditional sense of the term, they don't provide a router. They only provide an ethernet connection with a static IP. This being the case, they won't route the traffic from my other public source IPs, right? How do I get around that?

PL

I just found out that the new ISP does not provide a true T1 in the traditional sense of the term, even though they call it that, but rather just an ethernet connection with a static IP. That being the case, they won't route the traffic from my other public IPs as the source, right? How do I get around that?

PL

They will route traffic if you run BGP, but you have to have /24 or larger subnets, they need to be SWIPed to you, and you will need your own ASN.

Alternatively (you still need /24 or larger networks), you can get both ISPs to put in static routes. The drawback is that you don't have any control over which connection incoming traffic enters your LAN on.

p_teatreeoil
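The dual-homed BGP arrangement Merv and p_teatreeoil both describe (a default from each ISP in, your own block out), again in Cisco IOS syntax on the router facing both ISPs, as an added example that is not from the thread. Every identifier is a documentation value and an assumption: the site holds AS64496 (RFC 5398) and 192.0.2.0/24, ISP A is AS64500 peering from 203.0.113.1, ISP B is AS64501 peering from 198.51.100.1, and the SWIP and ASN paperwork is taken as already done.

```cisco
! Router peering with both ISPs, Cisco IOS syntax. Added example using
! documentation ASNs and prefixes, not a configuration from the thread.
!
! Announce only our own /24 and accept only a default from each ISP.
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound filters matter: eBGP re-advertises what it learns from one
! eBGP peer to the other, so without them this router would offer ISP A's
! default to ISP B (and vice versa) and become a transit path between them.
route-map ISP-A-OUT permit 10
 match ip address prefix-list OUR-BLOCK
!
! Prepend toward ISP B so the Internet prefers ISP A for inbound traffic.
! This is the control over incoming traffic that static routes cannot give.
route-map ISP-B-OUT permit 10
 match ip address prefix-list OUR-BLOCK
 set as-path prepend 64496 64496
!
! Inbound: take only a default; prefer ISP A's for outbound via local-pref.
route-map ISP-A-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 200
route-map ISP-B-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 100
!
router bgp 64496
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 203.0.113.1 remote-as 64500
 neighbor 203.0.113.1 description ISP-A
 neighbor 203.0.113.1 route-map ISP-A-IN in
 neighbor 203.0.113.1 route-map ISP-A-OUT out
 neighbor 203.0.113.1 maximum-prefix 5
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 description ISP-B
 neighbor 198.51.100.1 route-map ISP-B-IN in
 neighbor 198.51.100.1 route-map ISP-B-OUT out
 neighbor 198.51.100.1 maximum-prefix 5
!
! The network statement only advertises 192.0.2.0/24 while that prefix is
! in the routing table. It is normally there as a connected route on the
! firewall-facing interface; this floating static keeps the announcement
! stable if that interface flaps, and drops traffic to unassigned addresses
! in the block instead of bouncing it back to the ISP.
ip route 192.0.2.0 255.255.255.0 Null0 250
```

With both ISPs handing you a default over BGP, any static default routes on this router become unnecessary, and a policy route-map that splits LAN and DMZ traffic between the two next hops keeps working on top of the BGP-learned defaults. The outbound filter is the piece to double-check after every change: `show ip bgp neighbors 198.51.100.1 advertised-routes` should list exactly one prefix.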

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.