It kind of depends on how much data you will be moving between these two external subnets. If you allow the HP to route directly between those subnets, you can have as many 1GB streams between them as you have ports configured for them. With "router-on-a-stick" (I've always called it vlan-on-a-stick, but same concept), you would be limited to just 1GB in total throughput between the vlans (leaving out the possibility of doing an lacp trunk between the SonicWALL and the HP).
With this method, the third vlan would be considered a "transit network", and would make it easier down the road as your network grows to implement a dynamic routing protocol, or to add more routers into the network, if the need ever arises.
The HP switch would be acting as your layer 3 core, and you would have an IP address in each of the 3 vlans. The SonicWALL would need only an access port to the transit network, and its own IP on that network.
From there, you need a default route statement in the HP pointing to the SonicWALL's transit net IP address, and two static routes in the SonicWALL (one for each of your 'external' subnets) pointing back at the HP's transit net IP.
The easy button is to simply run a vlan trunk to the SonicWALL, and put an address on each of the vlans you want to route for. I've done it this way in the past, and if you don't plan on heavy traffic, it's perfectly viable, and pretty easy to configure.
If you could post some of your route statements in your attempts at setting up the transit net, I'm sure someone could help you get that straightened out.
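To make the transit-network design above concrete, here is an added routing-table walk-through (example code, not from the answer or either vendor). It assumes constructed addressing: VLAN 10 and VLAN 20 as the two 'external' subnets with the HP as gateway, a /30 transit VLAN between the HP and the SonicWALL, and a WAN subnet on the SonicWALL's outside; it also shows what happens to return traffic when the SonicWALL's static routes are left out.

```python
from ipaddress import ip_network, ip_address

# Constructed addressing (an assumption, not from the thread):
#   VLAN 10  192.168.10.0/24  external subnet A, HP SVI .1
#   VLAN 20  192.168.20.0/24  external subnet B, HP SVI .1
#   VLAN 99  10.0.99.0/30     transit net: HP .1, SonicWALL .2
#   WAN      203.0.113.0/24   SonicWALL .1, ISP gateway .254

def lpm(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop) rows."""
    dst = ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

HP = [
    ("192.168.10.0/24", "connected"),
    ("192.168.20.0/24", "connected"),
    ("10.0.99.0/30", "connected"),
    ("0.0.0.0/0", "10.0.99.2"),          # default route -> SonicWALL transit IP
]
SONICWALL = [
    ("10.0.99.0/30", "connected"),
    ("203.0.113.0/24", "connected"),
    ("192.168.10.0/24", "10.0.99.1"),    # static routes back to the HP transit IP
    ("192.168.20.0/24", "10.0.99.1"),
    ("0.0.0.0/0", "203.0.113.254"),      # default to the ISP
]
# The same SonicWALL table with the two statics forgotten.
SONICWALL_NO_STATIC = [r for r in SONICWALL if r[1] != "10.0.99.1"]

OWNER = {"10.0.99.1": "hp", "10.0.99.2": "sonicwall", "203.0.113.254": "isp"}
DEVICES = {"hp": HP, "sonicwall": SONICWALL}

def trace(start, dst, devices=DEVICES, max_hops=8):
    """Follow next-hops from `start` until dst is on a connected subnet.
    Returns the device path ending in 'delivered', 'no-route', or the
    name of a hop we have no table for (e.g. 'isp')."""
    path, dev = [start], start
    for _ in range(max_hops):
        hop = lpm(devices[dev], dst)
        if hop == "connected":
            return path + ["delivered"]
        if hop is None:
            return path + ["no-route"]
        dev = OWNER[hop]
        if dev not in devices:
            return path + [dev]
        path.append(dev)
    return path + ["loop"]
```

Inter-VLAN traffic is delivered by the HP without touching the SonicWALL, internet-bound traffic follows the HP default route through the transit net, and with the statics missing the SonicWALL sends replies for the internal subnets out to the ISP instead of back to the HP.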
You forgot the default gateway in the DHCP configurations. You need one for each pool:
default-router 192.168.x.254
Best Answer
I'm not understanding your exact problem because you don't provide enough detail but maybe this helps:
With rare exceptions, an IP subnet is mapped to a VLAN = broadcast domain = layer-2 network on a 1:1 basis.
You can run multiple IP subnets inside a single VLAN but they need a router to communicate with each other. Most often this setup doesn't make too much sense.
You can't run a single IP subnet across multiple VLANs though (without elaborate workarounds). Nodes in the same subnet expect to be able to talk to each other on a common layer-2 network = VLAN = broadcast domain.
So, your "VLANs within a subnet" can only work when you've split that subnet into sub-subnets properly and set up the router as gateway in between. A router on a stick is a router forwarding between VLAN subinterfaces on a single physical interface. Each subinterface needs to connect to one of the desired VLANs, so the link needs to be a VLAN trunk on both the switch and the router side.