Ok, this is a lot of info attached. Not that I want a person to show me step by step on what to do. I would just like some of the questions answered. This switch was configured before I came on board. I guess I want to make sure this is a good design and that I am knowledgeable about the logic. Thanks in advance.
Apologies for delay in replying, been a bit busy.
1) The pix needs to know how to route back to your vlans on the 4500. So using your drawing, the pix is connected to the 4500 via a point to point link. Pix end 10.10.99.2, 4500 end 10.10.99.1. So on pix
route (inside) 10.10.11.0 255.255.255.0 10.10.99.1
route (inside) 10.10.12.0 255.255.255.0 10.10.99.1
etc... for all vlans on 4500 switch.
2) nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
says to NAT any inside private address to the public IP address of the outside interface, so yes, if you want all inside clients to be able to access the Internet you need this.
3) 3560. You need one vlan for all the devices you are connecting in, i.e.
ISP inside interface
pix outside interface
Remember that this switch will not connect back to the 4500 switch so you can use any vlan you like. Do not use vlan 1.
4) Because wireless is less secure I would recommend having a separate vlan for these. So I would have at a minimum
i) server vlan
ii) wireless ap vlan
iii) client vlan(s) - depends how many clients you have.
I would only use vlan 99 for connecting pix to 4500 so don't put any other devices on this vlan.
5) You need to put ip helper-addresses on any vlan with clients that use DHCP to get an address. So assuming you have a DHCP server on your server vlan you will need to add the ip helper-address under each client vlan interface.
Don't worry about asking questions, that's what NetPro is for and you'll find a lot of knowledgeable people on these forums.
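The 4500 side of points 1, 4 and 5 above, as an added example that is not part of the original thread. Only the 10.10.11.0/24, 10.10.12.0/24 and 10.10.99.1/10.10.99.2 addressing comes from the posts; the VLAN numbers, the /30 mask on VLAN 99, the SVI addresses, the wireless subnet, the default route and the DHCP server address 10.10.11.10 are assumptions.

```cisco
! Added example: VLAN IDs, masks and host addresses below are assumptions
ip routing
!
! Transit VLAN: only the PIX inside interface (10.10.99.2) lives here
interface Vlan99
 description Point-to-point link to PIX inside
 ip address 10.10.99.1 255.255.255.252
!
! Server VLAN: holds the DHCP server (assumed 10.10.11.10), no helper needed
interface Vlan11
 description Servers
 ip address 10.10.11.1 255.255.255.0
!
! Client VLAN: relay DHCP broadcasts to the server on the server VLAN
interface Vlan12
 description Clients
 ip address 10.10.12.1 255.255.255.0
 ip helper-address 10.10.11.10
!
! Wireless AP VLAN (assumed 10.10.13.0/24), kept separate from clients
interface Vlan13
 description Wireless APs
 ip address 10.10.13.1 255.255.255.0
 ip helper-address 10.10.11.10
!
! Assumed default route so Internet-bound traffic is sent to the PIX
ip route 0.0.0.0 0.0.0.0 10.10.99.2
```

Every subnet defined here needs a matching route (inside) statement on the pix pointing at 10.10.99.1, including the assumed 10.10.13.0 wireless subnet.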