    Can anyone tell me if this is possible;

    I run a 7200 router with an ATM interface that is used for ADSL
    subscriber aggregation.
    The subscribers run ADSL modems in RFC1483 bridge mode, and each
    ADSL/ATM PVC is bridged to a loopback interface on the 7200 with RBE,
    as follows;

    interface ATM4/0.38 point-to-point
    ip unnumbered Loopback0
    atm route-bridged ip
    pvc 1/38
    encapsulation aal5snap

    The 7200 is connected to a Catalyst 2924 switch via ethernet. 802.1Q
    VLAN trunking is being used between the 7200 and 2924 with multiple

    I would like to bridge 1 ADSL subscriber to 1 port on the 2924 in order
    to provide a private link between the network connected to the single
    port on the 2924 (via another router, 3620) and the network connected
    to the remote ADSL modem (another 3620).

    The full path looks like this

    Subscriber LAN_1 <> 3620 <> ADSL modem in bridge mode <> Carrier ATM
    network <> 7200 ATM interface <> 2924 switch <> 3620 <> Subscriber

    I have managment access to all network elements with the exception of
    the carrier ATM netword (the DSLAM and ATM switch).

    The 2 3620s do not have IPSEC IOS images, and there is one application
    that does like packets fragmented, so a VPN tunnel is not a good

    Is there any way to build a "private link" where the other hosts routed
    via the 7200 can not access either of the subscriber LANs, and the
    subscriber LANs can not access any networks other than the 2 connected
    Interesting question. I would like to see the real solution :)

    My fast solution would be: build access-lists around this 'tunnel'.

    Or use a tunnel between the 3620 and the CPE-modem (adsl side) so all traffic has no choice.

    Without investing in equipment I think this can be difficult.

