We recently bought a Cisco PIX 506E firewall app. for our (small-sized) network. The specs state that the PIX 506 is capable of using a DMZ interface; however, there are only two physical interfaces. I figure that for a DMZ I have to configure an additional logical interface (VLAN). The setup that we have (with the PIX 506) will be:
interface 0 (outside): global IP address
interface 1 (inside): 192.168.1.1, subnet 255.255.255.0
Vlan1 (logical on interface 1): 192.168.100.1, subnet 255.255.255.0
Interface 1 is connected to an unmanaged 3Com switch.
Behind the switch there are several 192.168.1.x systems and one webserver with IP address 192.168.100.7.
I was under the assumption that the PIX would figure out the proper (logical) interface based on the IP address of the system, but the webserver is not able to reach any interface (not 192.168.1.1, not 192.168.100.1).
My experience with Cisco equipment is very, very limited (as one has probably figured out by now), but I assume that I need an additional switch with VLAN support to make this setup work?
Can anyone confirm that this is the case? Or is it possible to construct a WAN/LAN/DMZ setup with a PIX 506E without additional "intelligent" hardware?
Thank you for the reply.