I have an ASA5505, connected to the WAN on port 0 (called Vlan2), and connected to my development LAN on port 7 (called Vlan1).
I want to add a DMZ, and I connected a switch and servers to port 3, and called it Vlan3.
These are my settings:
ip address x.x.1.1 255.255.255.0
ip address x.x.3.1 255.255.255.240
no forward interface Vlan1
ip address x.x.2.1 255.255.255.0
switchport access vlan 2
switchport access vlan 3
Also, I added a DYNAMIC NAT rule to the DMZ interface, and a STATIC POLICY NAT rule so that all the HTTP and HTTPS connections to x.x.3.3 (the blog's external IP address) will be forwarded to x.x.2.3 (the blog's internal IP).
I can connect to the web site from the outside world, but I cannot connect to it from my LAN (Vlan1): ping or ssh to x.x.2.3 is not available, and neither is ping or ssh to the Vlan3 interface x.x.3.1 (the ASA IP on Vlan3).
Do you have any idea how I can fix it?
Is there a way to enable communication from Vlan1 to Vlan3 (so that Vlan1 initiates the communication) with specific NAT rules, without buying the Plus license? I understood that "no forward int vlan1" is there to prevent Vlan3 from initiating connections to Vlan1, no?