Currently my PIX 506 is at 6.3(3). I know I need to upgrade it to 6.3(5). The manuals have said that even with an upgrade, though VLANs are supported, I am not able to create any virtual interfaces. I want to separate my network into multiple security zones. Currently the network is all lumped together. I see the largest zone of maybe 30 IPs, the next zone of maybe 15 IPs, then a few zones of one or two IPs that could be lumped into the first, larger zone if there is no other place to stick them.
Can the 506 do some sort of VLAN tagging (802.1q?), send the packets to a small router, the router sends the packets to a simple, possibly unmanaged switch, then the switch sends the packets to the actual machines?
For the zones where I have more than 24 IPs, more IPs than I have in a 24-port switch, can I jump/patch one switch to the next? Maybe then I have a primary switch (a small one just greater than the number of security zones?) that is jumpered/patched to other switches that are the actual zones?
There's got to be a better way to do this.
Mike