I have a case that I am trying to solve and I could use some help.
Let me first describe the situation and then we will move on to possible design solutions.
I have a customer with the simple topology below:
Core-Router <---Lease_Line--> Branches (10.0.0/16)
We decided to buy a stack of 3x3750 switches in order to separate users (vlan2), servers (vlan3) and supervisors (vlan4).
The topology would then look something like this:
3750-Stack -------------Core-Router <---Lease_Line--> Branches
| | |
vlan2 vlan3 vlan 4
vlan 2= 10.2.1.1/24
vlan 3= 10.3.1.1/24
vlan 4= 10.4.1.1/24
where the core router is now a member of the users vlan (vlan2) and the branches would be accessible from servers or supervisors via a static route.
The problem now is that another company will be added to this network. It will share resources from the servers vlan, for example mail, proxy, DNS, Active Directory etc., BUT it will have its own internet line and its own leased line with different branches. Like a mirror.
The supervisor vlan must have access everywhere.
So here we come to this:
I have 2xASA 5510 Security plus License with 8 interfaces each.
As far as I am concerned, if I just add another vlan to my current topology with my new users and put a static route on the 3750 stack so they can have access to their branches from the new router, everything would be nice and smooth, BUT then I will have only one internet feed and the second (new) line will be used as a failover. I will also have VPN capabilities, which I want.
Now, in case I want to use both internet lines, things get a bit messy. I will have to change the mode on my ASA to multiple, and use shared INTERNAL interfaces for supervisors and servers.
Any ideas?