Okay, I was debating on posting this in the Newbie forums, but I'm not a newbie, and it's not really a newbie question, so here goes. I currently have a Cisco 2600 to my ISP with no ACLs. Behind that, I have essentially two firewalls. Both external interfaces have public IPs, and the internal interfaces are private IPs on the same network (ie, 192.168.0.0). Behind the one firewall, I have my web and DNS. Behind the other, I have all of my clients. Physically, everything with a public IP (every interface) is plugged into one switch, and every interface with a private IP is plugged into seperate switches, including my clients.

I realize that this is a bit convoluted, and it would be much easier to implement a DMZ in just one of the firewalls. The reasoning behind this setup (what little there was) had more to do with getting things done quickly and easily. I'm now hosting a huge number of web sites and critical apps, and can't just turn everything off and start over.

My primary question is, what would the benefit, if any, be of assigning different IPs to my web, DNS, and mail servers, along with the internal interface of the firewall that they go out through? This would, in essence, create a DMZ, but I'm curious what the real benefits would be. Thanks in advance for any advice, and I'll be glad to give more information where it's needed.