All your devices should be protected from the internet connection via the firewall (both lan 1 and 2) - assuming they both share that firewall as gateway.
Your servers in the dmz should also be reasonably protected, depending upon your firewall configuration.
I would have thought it is the best and fastest solution is to locate the servers on the lan where the majority of the servers particular users are, if possible.
The firewall which provides internet access should probably be located on the side with the most users overal, especially if it has the mail server in the dmz.
Remember all the users are essentially on the same lan (subnet) and you are just bridging.
I have had problems before with spanning tree, I was forced to make one of the aironet bridges the root bridge for the whole network, including the exiting cisco switches (I was just testing in a lab) - could have been my fault though.
If you haven't bought yet, try to buy eauipment that will be 802.11g capable (x5 speed)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...