I have a PIX 506e. I want to put it behind our Cisco 1600.
I want it to protect a LAN and two VLANs. In the future, I also want a VPN to the LAN from a remote location.
1> I want the first VLAN (192.168.20.0) to be an environment for my e-mail server (basically allowing 25, 110, 143, 80, etc).
2> I want the second VLAN (192.168.30.0) to host a wireless network. Essentially, an access point, and several wireless devices. I also want this network to provide DHCP to its clients who authenticate with the password.
3> And, I want a LAN (192.168.10.0), also with a DHCP server for its clients.
I want the clients on this LAN to have access to the email server (on the first VLAN). Would the LAN clients access it via the outside interface, or is there a way for them to go on the inside?
I'm uncertain as to the role of switches in this scenario. I assume it will be necessary for the switch to support VLANs, trunking, etc. But I need some elaboration on why this is necessary, etc.
I have 3 main switches (all Catalyst 2950s). Is this switch sufficient?
One question I have is: How will devices plugged into a switch know which VLAN or LAN they belong to? Is this based on the port it's plugged into? What if, let's say, my email server (which should be on the first VLAN) is connected to the main switch but via a secondary 2950 switch, is this straightforward to do (just set the ports to use the appropriate VLAN)?
If I need several ports on the VLAN, could I set up the 2950 switch port and connect a secondary unmanaged/cheap commodity switch to that port, and all its ports would be on the VLAN?
Some other things I would like clearing up:
We have 29 IP addresses, can I assign static/port mappings corresponding to these IPs to machines either on the LAN or a VLAN?
Where is the gateway address on the networks?
Thanks for any config files, answers, hints, etc.