I'm setting up a new network comprising 1 Cisco PIX 515E, 1 Cisco Router 2811, and 1 Cisco 24-port switch 3750, as shown in the diagram below.
A couple of questions I have: do I need a separate switch for the DMZ, or is using one switch (Cisco 3750) OK?
Is the connection in the diagram (particularly for the DMZ) a relatively secure setup?
If DMZ servers need to communicate with servers on the 10.10.100.0 subnet, do I have to create a route with an ACL on the router or on the PIX?
As these questions are more about the physical connectivity, I will create a separate question if I need any assistance with any configuration, only to be fair to you guys.
Depending on what kind of data you are dealing with, I would also remove the Cisco 2811, but use it to physically separate the DMZ from the LAN.
There are institutions which DO NOT accept VLAN separation on the same hardware (except firewall) as a secure setting.
So for sure you CAN do the two VLANs on the 3750, but since you have a spare router I would suggest using it as mentioned.
And in any case, the routing and ACL are done on the PIX.