Thanks Rick, I did some late reading last night and found that the 5505 can configure all 3 vlans but the DMZ cannot initiate any connection. The initiation must come from either the inside or outside vlan's........

Any idea on how to do port forwarding with this thing?

Best Regards

Jose

Your finding is consistent with what I remembered. I recently configured port forwarding on an ASA5505. I configured it basically as:

static (inside,outside) tcp interface

which establishes a static translation (port forwarding) from the port# on the outside interface to port# on the inside interface. The thing that surprised me about this is that it worked when I specified the keyword "interface" but not when I specified the address of the interface.

HTH

Rick

Rick

That's interesting I'm going to have to do some reading on the interface parameter for the static command. I' let you know what I find?

Regards

Here's what I found out:

Uses the interface IP address as the mapped address. Use this keyword if you want

to use the interface address, but the address is dynamically assigned using DHCP.

Maybe the address lease had expired?

I for got to add this note:

Note You must use the interface keyword instead of specifying the actual IP

address when you want to include the IP address of an interface in a static

PAT entry.

Jose

This note explains the behavior that I described in my response. If you do port forwarding where some packet is sent to the outside interface on some port number and you want to forward it to some host inside on some port number then you use the static command to set up a static PAT and you need to use the keywork interface instead of specifying the ip address of the interface.

HTH

Rick