InterVLAN & Firewall Question...

[forcesho]

I got my intervlan on my cisco 4506 working.. it was pretty easy... except I dont know much about the Netscreen NS25 box I got.. so basically..

VLAN1 - 192.168.1.0/24
VLAN2 - 192.168.2.0/24
VLAN3 - 192.168.3.0/24

The vlans works fine but my question is about firewall nat/mapping

So I need to map some external IP into some of the pc in the vlan network.. ie mail and some other stuff.. Am I suppose to pass vlan tags from the firewall into the switch ? Anyone with some netscreen knowledge?

 

[Zen37]

The Netscreen firewall supports IEEE 802.1q standard for vlan tagging.
But i don't think you need to do this for your case.
The NS25 has multiple interfaces, i would put your servers that needs to be accessed from the Internet on a DMZ segment. If you cannot do that, you can put the internal interface on one vlan and the Internal routing will get the natted packets to its destination.

For simple NAT mappings, there is no vlan tagging involved.

 

[seong76]

I use Netscreen 5GT with Cisco 2900 and planning to add in a 3560 to implement L3/VLANS. My questions are along the same line.

Let's say have have 3 vlan subnets.
Vlan1 - 10.0.0.1/24
Vlan2 - 10.0.1.1/24
Vlan3 - 10.0.2.1/24

Does that mean that I need to setup my NAT IP range to be something like 10.0.0.1/16?

If that is the case, I guess Mapping and Forwarding becomes simple. But, is that the right way to go about it?

Also, am I correct in assuming that the eth port connecting to the firewall should be a Trunk port?