I have a T1 coming into the building, terminating at an 1800 Series router, then into a Cisco ASA 5500 series, then to a server hosting all the services, including ISA. This is a multihomed server which then goes into a 48-port switch that all other PCs plug into.
My question is, where should I perform NAT? I would assume that I should do this on the router at the edge (the T1 is an Internet T1, by the way) and not the ASA.
Also, I will be having IPSec VPNs using L2TP coming into the network for people travelling and working from home. I want these to terminate at the ASA and then have the ASA query the server for certificates. What do I need to do to make sure that the router ACLs do not stop this and so that ISA lets the certificate checks through?
Thanks in advance.