I'm not sure you are going to be able to route traffic through your firewall with this type of setup. The configuration below allows access between all VLANs: the switch itself routes between them on its vlan.101, vlan.102 and vlan.200 interfaces, so inter-VLAN traffic never reaches the firewall. I'm using vSwitches in VMware instead of physical switches for the access layer. I haven't been able to get the clients to route to the Internet without using virtual routers.
## Last changed: 2011-05-08 08:27:23 UTC
/* Junos release this configuration was saved from. NOTE(review): 11.1 dates
   from 2011 (see the "Last changed" stamp); check vendor support status and
   security advisories before reusing this on a live device. */
version 11.1R2.3;
/* System services and logging: SSH management access, a local DHCP server
   for the three VLAN subnets, and local syslog files. */
system {
services {
/* SSH is enabled with no further options. NOTE(review): no root-login,
   protocol-version, connection-limit or rate-limit settings are present,
   and no login/authentication stanza is visible in this listing; confirm
   how management access is restricted. */
ssh;
/* The switch itself is the DHCP server. Every pool leases .50-.100, hands
   out the public resolver 8.8.8.8, and points clients at the .2 address,
   which is the switch's own vlan.N address in that subnet. */
dhcp {
pool 192.168.101.0/24 {
address-range low 192.168.101.50 high 192.168.101.100;
name-server {
8.8.8.8;
}
router {
192.168.101.2;
}
}
pool 192.168.102.0/24 {
address-range low 192.168.102.50 high 192.168.102.100;
name-server {
8.8.8.8;
}
router {
192.168.102.2;
}
}
pool 192.168.200.0/24 {
address-range low 192.168.200.50 high 192.168.200.100;
name-server {
8.8.8.8;
}
router {
192.168.200.2;
}
}
}
}
/* Logging goes to local targets only: emergencies to all logged-in users,
   notice-and-above plus authorization events to "messages", and every CLI
   command to "interactive-commands". No remote "host" target is configured,
   so these records exist only on the device itself. */
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
/* Physical ports, the management port, and the routed VLAN interfaces. */
interfaces {
/* Despite the "Trunk" description this is a routed port (family inet) with
   a single address in 10.10.200.0/24; it carries no VLAN tags. */
ge-0/0/0 {
description "Trunk to SRX210 ge-0/0/0";
unit 0 {
family inet {
address 10.10.200.2/24;
}
}
}
/* 802.1Q trunk that carries only the Intranet VLAN. */
ge-0/0/1 {
description "Trunk to ESX vSwitch3";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members Intranet;
}
}
}
}
/* 802.1Q trunk shared by both customer VLANs. */
ge-0/0/13 {
description "Trunk to ESX vSwitch2";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ Customer_1 Customer_2 ];
}
}
}
}
/* Management Ethernet port. NOTE(review): no firewall filter is applied
   here or anywhere else in this listing, so nothing shown limits which
   sources can reach SSH on this address; confirm. */
me0 {
unit 0 {
family inet {
address 192.168.1.252/24;
}
}
}
/* Routed VLAN interfaces: one layer-3 gateway address per VLAN. No unit
   carries a "filter input", so the switch forwards freely between
   Customer_1, Customer_2 and Intranet. Keeping the two customers apart
   would need a firewall filter on these units or a separate routing
   instance per tenant. */
vlan {
unit 101 {
description "Customer_1 l3 Interface";
family inet {
address 192.168.101.2/24;
}
}
unit 102 {
description "Customer_2 l3 Interface";
family inet {
address 192.168.102.2/24;
}
}
unit 200 {
description "Intranet l3 Interface";
family inet {
address 192.168.200.2/24;
}
}
}
}
/* Routing trace settings and the static route table. */
routing-options {
/* Writes every routing trace flag to the file "routing". NOTE(review):
   "flag all" is troubleshooting-level output and no size or file-count
   limit is set; consider removing it once debugging is finished. */
traceoptions {
file routing;
flag all;
}
static {
defaults {
active;
}
/* NOTE(review): each next hop below is this switch's own address on the
   matching vlan.N interface, and those subnets are already directly
   connected, so these three routes look redundant; confirm. */
route 192.168.101.0/24 next-hop 192.168.101.2;
route 192.168.102.0/24 next-hop 192.168.102.2;
route 192.168.200.0/24 next-hop 192.168.200.2;
/* Default route out of ge-0/0/0's subnet; 10.10.200.1 is presumably the
   SRX210 named in that port's description. NOTE(review): the upstream
   device needs return routes for the three 192.168.x subnets via
   10.10.200.2, plus matching policy/NAT; none of that is shown here. */
route 0.0.0.0/0 next-hop 10.10.200.1;
/* NOTE(review): next hop is the switch's own ge-0/0/0 address for a
   directly connected subnet; looks redundant, confirm. */
route 10.10.200.0/24 next-hop 10.10.200.2;
}
}
/* Layer-2 control protocols, all enabled switch-wide. */
protocols {
/* IGMP snooping on every VLAN. */
igmp-snooping {
vlan all;
}
/* Rapid spanning tree with default settings. */
rstp;
/* LLDP and LLDP-MED run on every interface, including the trunk that
   carries the customer VLANs. NOTE(review): these protocols advertise
   device identity to whatever is attached; consider limiting them to
   infrastructure-facing ports. */
lldp {
interface all;
}
lldp-med {
interface all;
}
}
/* Storm control on every interface; no level is given, so the platform
   default threshold applies. NOTE(review): no other port-security
   features (for example DHCP snooping or BPDU protection) are configured
   in this stanza. */
ethernet-switching-options {
storm-control {
interface all;
}
}
/* VLAN definitions. Each VLAN is bound to a routed interface (vlan.N), which
   makes this switch the gateway for all three. The VLAN IDs separate the
   tenants at layer 2 only; traffic between them is routed through those
   l3-interfaces. */
vlans {
Customer_1 {
vlan-id 101;
l3-interface vlan.101;
}
Customer_2 {
vlan-id 102;
l3-interface vlan.102;
}
Intranet {
vlan-id 200;
l3-interface vlan.200;
}
}