Switches, VLANs e redes

É isso que estou tentando fazer. Eu acho que o professor acha que sabemos mais do que nós

The Directorate of Diplomatic Officers has recently agreed a new network infrastructure to connect its 3 international offices in Rome, Cambridge and Chicago.
Your task is to complete the design and produce a working prototype configuration to prove the implementation will work. .

The offices in Cambridge, Chicago and Rome will be interconnected via resilient T1 mesh network. The clock rates are provided by Cambridge and Rome.

It is anticipated there are requirements for around 2300 hosts at the Chicago office and a potential 1093 hosts at both the Rome and Cambridge offices.
There will be 12 further offices within Europe in the next 2 years each with a minimum of 550 hosts each.

The Cambridge office is used to host a connection to the Internet via a Managed Ethernet Connection (Fast Ethernet) with an allocated address of 209.123.234.5/30.

As the organisation has not previously been connected to the Internet, they have not been allocated a block of addresses to use other than the dedicated Internet link.
The new network design must use a configuration to reflect this lack of addresses and utilise appropriate addressing through use of RFC1918 addresses

The organisation needs to implement a security policy on a suitable router to

• Ensure that only users from its main 3 offices can attach to the corporate data centre at 199.199.199.199.
• Only Chicago users on the Administration VLAN are able to access the Finance Server hosted at an ASP at address 200.200.200.200, utilising an application on Port 1234 using TCP. • Only Rome and Cambridge users are able to access an EU Research database using http, https and ftp (remember ftp uses two ports) on address 194.123.88.99 • All users need to access an off-site email server running both IMAP/POP3/SMTP in the appropriate directions on address 180.145.22.33. • Block access to a range of file-sharing networks using IRC where demotivated employees are downloading copyrighted material using networks 206.206.83.0, 206.207.82.0, 206.207.83.0, 206.207.84.0 & 206.207.85.0. • only internal initiated connections are permitted to access the Internet.

All security violations must be logged in an appropriate syslog server.

Eu tenho a topologia configurada junto com o esquema de endereçamento. O problema que estou tendo é tentar fazer com que as vlans falem com o resto das redes.

E.G: Eu tenho o 10.0.16.254 como o gateway. Eu configurei os servidores na VLAN usando o switch. Eu digo VLAN 10 como o db de pesquisa com um IP de 194.123.88.99. Eu não posso conseguir isso para sair para qualquer um dos outros escritórios como o gateway está em uma rede diferente.

Eu queria saber como contornar isso para que tudo converge.

Obrigado antecipadamente