If I understand your setup correctly, all traffic, whatever VLAN tag, received by the firewall destined for the internet will be routed to the internet interface. Once routing has taken place and the internet interface on the firewall does not have any vlans defined, the traffic from there on will be untagged (the vlan tag is lost), so the ISP will not see any tagged traffic.
If you post your "show running-config" from the firewall we'd be able to tell you exactly.
The ISP has no need to know which vlan this traffic came from. The vlan is only relevant within your LAN. It should also be noted that if vlan 201 is using private addressing this would be natted to a public IP on the firewall as it goes to the internet.
The ISP only needs to know how to route traffic back to this public IP for the return traffic, it doesn't care about vlans. When the return traffic from the internet reaches your firewall it is then natted back to a vlan 201 address and sent onto the core switch. The core switch will then know which vlan this address is in.
The above assumes your core switch is doing all the inter-vlan routing in your LAN.
As for user identification/authentication, again the ISP doesn't need to know that. To them it is just an IP packet.
The VLAN uses a vlan tag, by vlan tag router identifies the traffic coming from which subnet it stores the relevant "Source IP and Destination IP" and forwards the traffic(packet) towards the destination so when your ip packet reaches to your first hop or gateway then this is the end point of your vlan concept. Vlan is nothing more than a lan.
When traffic comes from a ISP via firewall then router checks the source ip in received packet and it forwards back to the appropriate source.
It is our pleasure to officially announce the finalists in the 2021 IT Blog Awards. Now we are looking to YOU, our amazing tech community, to weigh in. Check out the amazing educational content we've uncovered and vote for your favorites before Friday, Fe...
SD-WAN Advanced Deployment What is SD-WAN? SD-WAN is Software define wide area network and SD-WAN is key part of the technology of software-defined networking . SDN is a centralized approach to network management which abstract...
Join Cisco EN Solution Domain Lead Jesse Lafuenti and Cisco Customer Success Specialist Kuba Zabiega in a discussion on what Application Visibility is, how it can be used to monitor and troubleshoot issues found in specific applications, and how you can e...
SD-WAN Advanced Deployment version 2.0 | Part 2 Today we going to write the part two of the SD-WAN Advanced Deployment and will include these : - SD-Wan Policy - Application Aware Routing.- SD-wan Security Features include IPS/IDS se...