I'm pretty new to all this and have read a lot. My situation is as follows:
I've got a 3750 12-port SFP switch which connects to 48-Ethernet-port + 4-SFP-port switches through a trunk (they are also all trunked between each other, and then each of them is connected to the 3750 12-port SFP switch; I wanted to make a mesh / backup links). There are 2 VLANs (call them A and B) on it and a management VLAN. The 12-port SFP switch then connects to an ASA 5510 inside interface (I used an Ethernet port on the ASA side and a GLC-T transceiver to connect an Ethernet cable into the 3750 12-port SFP switch). The ASA then connects to the router through its outside interface. Finally, connected to the DMZ ASA interface is another 24-port 3550 layer 2 switch. It only has 1 web server on it and is being wasted (the 24-port switch has 1 VLAN for DMZ and 1 VLAN for management). The three ASA interfaces DMZ, inside and outside all have IP addresses and security levels like 100 for inside, 20 for DMZ and 0 for outside.
Now, we bought an 8-port Cisco 2960 layer 2 switch. I cannot do ip route, so I read that I have to set up a trunk between the layer 2 switch and the firewall and create subinterfaces on the firewall. I set up a single VLAN on the 8-port switch and only created one subinterface on the ASA port which was meant for DMZ (I did the no shut, no security, no nameif for the physical port and then created the subinterface with nameif, security, vlan). I can ping from the firewall to the web server and its VLAN, but the 2 VLANs from the inside network (A and B) cannot access the web server.
1. Do I need to create a trunk on the ASA subinterface?
2. Do I make the inside VLAN A and B access the web server in the DMZ through access-lists, or do I need to do something else?
3. I've got VLAN A and B, but for some reason when I click on a computer on VLAN A, for instance, and do Start > Run and enter the IP address of a server on VLAN B, it prompts me for a username and password. I do not want A and B to see each other or communicate at all (so I don't even want a computer on VLAN B to access servers on VLAN A).
I've also noticed that after installing Windows 2008 Server, compared to Windows 2003, when I do Start > Run and type in the IP of any computer on the same VLAN I can access its shares without a username and password. But I don't think this is down to Cisco but actually Windows (obviously I would want users to give credentials)!
Hope someone can help out!
Thanking you in advance!
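As an added illustration (not from the original post or any reply), here is a minimal configuration of the kind the pieces described above need: an 802.1Q trunk on the 2960 carrying a single DMZ VLAN to the ASA, the matching tagged subinterface on the ASA, and an inbound access-list on inside that limits VLAN A and B to just the web server's HTTP/HTTPS ports. VLAN 30, the interface names, the 10.0.0.0/16 inside range and the 192.0.2.x DMZ addresses are assumed placeholders.

```cisco
! ===== 2960 (assumed: Gi0/1 faces the ASA, Fa0/1 faces the web server) =====
vlan 30
 name DMZ
!
interface GigabitEthernet0/1
 description 802.1Q trunk to ASA DMZ subinterface
 switchport mode trunk
 switchport trunk allowed vlan 30
!
interface FastEthernet0/1
 description Web server (untagged access port in the DMZ VLAN)
 switchport mode access
 switchport access vlan 30
!
! ===== ASA 5510 (assumed: Ethernet0/2 is the physical DMZ port) =====
! The physical port carries only tags; it gets no name, level or address.
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! The subinterface owns VLAN 30; "vlan 30" is what makes the ASA tag/untag
! frames, so the switch side above must be a trunk that allows VLAN 30.
interface Ethernet0/2.30
 vlan 30
 nameif dmz
 security-level 20
 ip address 192.0.2.1 255.255.255.0
!
! Least privilege from the inside VLANs: only the web server, only web ports.
! Everything else bound for the DMZ is dropped; other inside traffic still flows.
access-list inside_in extended permit tcp 10.0.0.0 255.255.0.0 host 192.0.2.10 eq www
access-list inside_in extended permit tcp 10.0.0.0 255.255.0.0 host 192.0.2.10 eq https
access-list inside_in extended deny ip any 192.0.2.0 255.255.255.0
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
```

Once an access-group is bound to inside, the implicit higher-to-lower security-level permit no longer applies on that interface, so every flow you want from inside (to the DMZ or to outside) must be listed explicitly, as the final permit line does here.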