We currently have PIX 525 firewalls with one DMZ 4-port card installed. There are 4 different public web servers connected to the ports. We are in the process of upgrading to the ASA models and had some questions about design layout. The number of public web servers will grow from 4 to 10 or 15. What is the best way to keep these servers isolated from each other using the ASA appliance? I was thinking of using one of the physical ports and creating sub-interfaces off of it, then attaching a Cisco 3750 series switch to that port and creating private VLANs. Is this layout a recommended approach or is there a better way of laying this out? Just wanted to know if my thinking was on track.
Thanks in advance for any information given.