We will configure the trucking (Trunk) with cisco ASA and after that we will allow the LAN (Inside network behind firewall) to access the internet (8.8.8.8 & 4.4.4.4). Below is the topology.
R1(LAN-1)——
|—-L2-Switch—ASA—ISP(R3)–Internet(R4)(8.8.8.8 & 4.4.4.4)
R2(LAN-2)——
ASA
int g0/0
no shut
int g0/0.10
vlan 10
nameif inside-1
security-level 80
ip add 10.10.10.254 255.255.255.0
int g0/0.20
vlan 20
nameif inside-2
security-level 90
ip add 20.20.20.254 255.255.255.0
int g0/1
nameif outside
ip add 99.1.1.2 255.255.255.252
no shut
Switch
vlan 10
vlan 20
int e0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20
no shut
int e0/1
switchport mode access
switchport access vlan 10
no shut
int e0/2
switchport mode access
switchport access vlan 20
no shut
LAN-1
int e1/0
ip add 20.20.20.100 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 20.20.20.254
LAN-2
int e1/0
ip add 10.10.10.100 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 10.10.10.254
ISP
int e1/0
ip add 99.1.1.1 255.255.255.252
no shut
int e1/1
ip add 88.1.1.1 255.255.255.252
no shut
ip route 0.0.0.0 0.0.0.0 88.1.1.2
Internet
int e1/0
ip add 88.1.1.2 255.255.255.0
no shut
int l0
ip add 4.4.4.4 255.255.255.255
int l1
ip add 8.8.8.8 255.255.255.255
ip route 0.0.0.0 0.0.0.0 88.1.1.1
if we want to allow inside-1 LAN to reach 8.8.8.8 and 4.4.4.4 then below configuration will be required
object network inside-1
subnet 10.10.10.0 255.255.255.0
nat (inside-1,outside) source dynamic any interface