CLEANACCESS Archives

July 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Simon Bell <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Mon, 9 Jul 2007 15:51:33 -0400

Install dd-wrt on your Linksys routers.

http://www.dd-wrt.com/wiki/index.php/Main_Page

This would probably accomplish everything you're looking for. Plus it's easy and free.

Simon

>>> 
From: 	Anthony Maszeroski <[log in to unmask]>
To:	<[log in to unmask]>
Date: 	7/9/2007 2:58 PM
Subject: 	Remote Sites & Cisco CCA

We have several off-campus residences that require internet access but
cannot be directly connected back to our main campus. Currently, we
purchase Comcast cable modem service for these houses and utilize
Linksys routers (they're cheap if they disappear) to share the
connection among the residents. Three main issues have surfaced from
this scheme:

1.) We have no visibility into the Comcast network, so we don't know if
service is down until students start complaining.

2.) Excessive use of peer-to-peer apps tends to crash the Linksys
routers. This requires an in-person reset to remedy.

3.) Related to #2 - We are starting to receive DMCA complaints, which
can result in account termination.

We've already purchased some Cisco 1811s to replace the Linksys boxes in
the houses and now I'm trying to determine the best way to accomplish
these goals. I can use ddns update features in IOS and the integrated
modem in the 1811 to fix issue #1. I can use the integrated firewall to
block most p2p to address issue #2 (the remaining p2p traffic should be
caught by our IPS & 'shaper). What I would like to do for issue #3 is
tunnel/VPN all traffic from the off-campus houses back to our main
campus so that we can do net auth, compliance checks, etc. with CCA as
we do with our on-campus residence halls. Is anyone else doing a similar
setup? Can it be done w/o having to purchase additional equipment (i.e.
a Cisco VPN concentrator)? We are currently running in In-Band Real-IP
gateway mode.

-- 
- Anthony Maszeroski
-----------------------------------
Information Security Manager
The University of Scranton
email : [log in to unmask] 
phone : 570-941-4226
-----------------------------------
