NEED HELP with Cisco ASA VLANs configuration
Posted on 2009-05-15
I have a new base ASA 5505 that I am using to connect to a cable modem as a second internet connection for all internal users' internet access. I have an existing PIX 506e that manages the VPN passthrough, a DMZ, and another VLAN for a set of T1s. I have set up my new ASA with 2 VLANs (inside, outside) and things work fine from that perspective in regards to internet access etc.
My issue is allowing users on my inside VLAN from the ASA to access an existing DMZ VLAN set up by the PIX that is trunked through my layer 2 switches. Do I need to make all VLANs match on the ASA and PIX? For example, my DMZ is VLAN 3 on my PIX; do I need to make it that on the ASA, and also dedicate it to a port, even though my switches are trunking the DMZ successfully across the network? I know the base only allows one VLAN per port, which is not a problem since I will only have 3 of the 8 ports in use.
The base ASA also restricts the 3rd VLAN from initiating access to one of the other two VLANs, which is fine since the outside will not access the VLAN via the ASA but rather via the PIX. I can access my VLAN2 inside (PIX) from VLAN1 inside (ASA) without issue, so I don't think making them the same named VLAN matters, but I may be wrong.
Finally, the only thing I really need to do from my inside VLANs to the DMZ is ssh (SFTP) and FTP, because it houses an externally accessed server which we need to post files to internally for external retrieval. This all works flawlessly through the current PIX config.
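The post refers to two ASA 5505 base-license constraints (one VLAN per switch port, and a third VLAN that may not initiate traffic towards one of the other two) and to a narrow requirement: inside hosts only need SSH/SFTP and FTP into the DMZ. The following fragment is an added illustration of how those pieces are expressed in ASA 8.x configuration syntax; it is not from the original post or any reply, all addresses and interface names are constructed placeholders, and whether a third VLAN on the ASA is the right design for this topology (versus simply routing to the DMZ via the PIX inside interface, which the post says is already reachable) is not something the post settles.

```cisco
! Constructed example, not the poster's configuration.
! Addresses 192.168.1.0/24 (inside) and 192.168.3.0/24 (dmz) are placeholders.

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! Third VLAN on a base license: it may not initiate connections to Vlan1.
! Inside -> dmz still works; dmz -> inside is blocked at initiation.
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Base license: one VLAN per physical port (access port, no trunking).
interface Ethernet0/2
 switchport access vlan 3
!
! Least privilege from inside towards the DMZ: only SSH/SFTP (22) and FTP (21),
! then deny everything else to the DMZ subnet, then allow normal internet traffic.
access-list inside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 eq 22
access-list inside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 eq 21
access-list inside_in extended deny ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 log
access-list inside_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group inside_in in interface inside
```

The `log` keyword on the deny line makes any other inside-to-DMZ attempt visible in syslog, which is useful both for confirming the rule works and for spotting unexpected traffic later. Active-mode FTP data connections are handled by the default `inspect ftp` policy on the ASA, so no extra permit for port 20 is needed; if that inspection has been removed from the default policy map, FTP will need it restored or additional rules.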