I have Cisco 2911 routers. It is configured to the outside through ATT. I want vendors to come in through point-to-point using VPN. I have a Fortinet firewall, but that is open to the Internet using VPN. I want to shut that down and use point-to-point VPN. Any suggestions?
You can have Internet and VPN on the same router, but it is better to have a separate router for that function. If you have the budget, it would be ideal to have a separate Internet circuit for partner traffic and normal Internet traffic. The idea is to reduce the level of impact when there is any failure, and make it easy to troubleshoot.
The config should be normal. Based on the order of operations, the router will process VPN traffic first if it matches the ACL for encryption. The unmatched packets will be routed/NATted normally. Do you have a more specific question regarding the config?
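An added configuration example (not posted by anyone in the thread) of the arrangement discussed above: one IOS router carrying a vendor site-to-site IPsec tunnel alongside ordinary Internet NAT. All addresses, object names, the key placeholder and the interface assignments are assumptions; the NAT ACL denies the tunnel traffic so it reaches the crypto map untranslated, and the crypto ACL exposes only one vendor-facing subnet.

```cisco
! Assumed placeholders: vendor peer 203.0.113.10, vendor LAN 192.0.2.0/24,
! local vendor-facing subnet 10.10.20.0/24, user LAN 10.10.10.0/24,
! Gi0/0 = outside (ISP), Gi0/1 = inside.
!
! Phase 1 (IKE) policy and per-peer key
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.10
!
! Phase 2 (IPsec) transform set
crypto ipsec transform-set VENDOR-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! "ACL for encryption": only this traffic is sent into the tunnel.
! Keep it as narrow as the vendor's access requires.
ip access-list extended VENDOR-CRYPTO
 permit ip 10.10.20.0 0.0.0.255 192.0.2.0 0.0.0.255
!
crypto map OUTSIDE-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set VENDOR-TS
 match address VENDOR-CRYPTO
!
! NAT ACL: exempt the tunnel traffic first, then PAT everything else.
ip access-list extended NAT-INTERNET
 deny   ip 10.10.20.0 0.0.0.255 192.0.2.0 0.0.0.255
 permit ip 10.10.20.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any
!
ip nat inside source list NAT-INTERNET interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/0
 description Outside (ISP)
 ip nat outside
 crypto map OUTSIDE-MAP
!
interface GigabitEthernet0/1
 description Inside
 ip nat inside
```

`show crypto ipsec sa` should show encaps/decaps counters rising only for the VENDOR-CRYPTO subnets, and `show ip nat translations` should show no entries for traffic to the vendor LAN.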