Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

Hardware required for DMZ on PIX 506E?


We recently bought a Cisco Pix 506E firewall app. for our (small sized) network. The specs state that the pix 506 is capable of using a DMZ interface, however there are only two physical interfaces. I figure that for a DMZ i have to configure an additional logical interface (vlan). The setup that we have (with the pix 506) will be:

Pix 506:

interface 0 (outside): global ip address

interface 1 (inside):, subnet

Vlan1 (logical on interface 1):, subnet

Interface 1 is connected to an unmanaged 3com switch.

Behind the switch there are several 192.168.1.x systems and one webserver with ip address

I was under the assumption that the pix would figure out the proper (logical) interface based on the ip address of the system, but the webserver is not able to reach any interface (not, not

My experience with Cisco equipment is very, very limited (as one probably has figured out by now) but i assume that i need an additional switch with vlan support to make this setup work?

Can anyone confirm that this is the case? or is it possible to construct a Wan/Lan/DMZ setup with a Pix 506E without additional "intelligent" hardware?

Thank you for the reply.

  • Firewalling
Hall of Fame Super Blue

Re: Hardware required for DMZ on PIX 506E?


if you are using logical interfaces on the Pix 506E then the connection from the inside interface to the switch must be configured as a trunk port on the switch. This is because multiple vlan information must be passed down this link.

I don't know whether the 3com supports 802.1q vlan tagging but this is what it needs to work.



New Member

Re: Hardware required for DMZ on PIX 506E?

Thanx for your reply Jon, the 3Com that we currently have is unmanaged, and does not support vlans. Your reply thus also indicates that I probably need additional hardware.