Channel: General Networking

Forefront TMG spoof attack detected on legit IP scheme

Happy Monday!

I believe I may already have the fix in mind but wanted to check in with the experts before breaking functionality. This weekend I went ahead and configured our VLANs with no major issues, except that our Forefront TMG firewall isn't allowing network traffic to pass through our new IP address schemes. We're basically getting spoof attacks detected, so I went ahead and added the new IP schemes to the "Internal Network" range, and I'm still seeing the same issue.

When I attempt to ping one of the new IP address schemes from the firewall, it simply times out because I did not specify the VLAN interface IP on the firewall. I know a configuration has to be set to allow the traffic to get back to the VLAN IPs, but would setting two default gateways on our firewall cause some kind of loop? One suggestion was to disable spoofing in TMG, but I doubt that will fix the problem since a network configuration needs to be set.

Example config

LAN:

IP: 192.168.x.x

DNS: 192.168.x.y

Gateway: not set

WAN:

IP: 1.2.3.x

DNS: 1.2.3.y

Gateway: 1.2.3.z

Another alternative I can think of is configuring a 3rd virtual NIC tied into the internal network and setting the gateway there, but that seems a bit redundant. Suggestions?

