Question regarding VLANs

Hello

I am working in an environment where we are connected to the internet via a Cisco router > Cisco PIX 506e > Cisco 3750 and 2960 switches > Clients/Servers

At the moment, we have two VLANs set up - VLAN2, a guest one for contractors coming in to carry out work (192.168.2.0 255.255.255.0), and the standard VLAN1 (192.168.1.0 255.255.255.0) for both clients and servers. The PIX version is 6.3(5) so it has two logical interfaces to allow both VLANs internet access. For security reasons, no ip routing is enabled on the 3750. The two subnets are completely separated.

We're looking into the possibility of creating another VLAN on the switches, VLAN3, for the servers. This will isolate the servers from the clients in case a client has a virus for instance that broadcasts itself out to the subnet.

The problem is that since the PIX 506e is limited to two logical interfaces, VLAN3 cannot have direct internet access. My question is, if we enable ip routing between VLANs 1 and 3, can VLAN3 use VLAN1, can VLAN3 have access to the internet? We would need access for the Exchange server to send out mails, and also an SUS server on VLAN3 that would provide the MS patches to the other servers....

Would be interested in people's thoughts....

smokejo