Hi,
Let me run this past you.
Have an SSG firewall with one interface that provides several groups with access.
On the interface for each group I have a separate subinterface set up with a separate VLAN and /24 subnet.
I now have a new group that wants to join on the interface and to that effect I have created another subinterface, VLAN 300 and /24 subnet. I have give them 6 MIP's with public IP's and the private IP's all in the same previously mentioned subnet and VLAN 300.
The discussed interface port on SSG is connected to Cisco switch via a trunk connection.
The new group wants to connect a port on that switch to their Cisco ASA firewall.
They want to hold onto their own VLAN structure and want to somehow translate or map each separate MIP (which are all still in VLAN 300 when they arrive) into a separate VLAN.
I don't know much about VLAN translation, but feel this can only be done if each separate MIP is part of a separate subnet/subinterface/VLAN when it leaves the SSG? Or can they somehow get the Cisco ASA router to map the individual MIP host IP's to separate private IP's/subnet's on the trust side of their network?