I have been experiencing some network issues for some time now, and this is a hair-losing project.
I need to create 5 networks for my customers. They are placed in the same building. They will share internet connectivity and a large printer. Other than that they should not be able to "see" each other.
I have made 5 inside subnets / VLANs:
Interface 0: VLAN 100 DHCP (sec level 0)
Interface 1: VLAN 10 10.10.10.0/27 (sec level 100)
Interface 2: VLAN 20 10.10.10.32/27 (sec level 100)
Interface 3: VLAN 30 10.10.10.64/27 (sec level 100)
Interface 4: VLAN 40 10.10.10.96/27 (sec level 100)
Interface 5: VLAN 1 10.10.10.128/27 (sec level 100)
Firewall in routed mode.
My problem is that when I have typed the same-security-traffic permit inter-interface command in the CLI, I can access the networks across the interface VLANs. BUT... I don't have any internet connection.
When I remove the command, I have internet connection but cannot access the inside networks!
I think that is a NAT issue, but I really tried everything.
I don't think it is an issue with access rules because it's permitting any traffic on the inside networks, and denying outside.
The question is: is it possible at all? And if it is, what am I missing?
Any hints are at this point welcome.
This should work because the Security Plus license gives 20 VLANs with trunking capabilities.