Seems like the 5505 have a basic license.
Company A has a 5505 and is supposed to get access to company B file server behind Company B firewall. Company B has fileserver 192.168.16.2 and has set up a gateway 192.168.17.1 on it's own interface. I have nothing to do with company B or they're setup.
Company A, my responsibility, 5505 setup:
WAN static IP
The third interface cannot be fully functional, and the default block to LAN on the DMZ cannot be changed while the interface is there. I deleted the DMZ interface and made a new one with "Block to outside" so that the new interface should be able to communicate with the 5505 LAN.
The company-B-name-interface is setup with permit ip any any for testing purposes. It should all be open. Routing is set up for 192.168.16.2 to use gateway 192.168.17.1.
I can ping 192.168.16.2 on the company a 5505 picking the company-b interface. If I use packet trace everything comes up ok and is then stopped by the default company-b-interface access control drop any any ip. As the permit ip any any is listed before drop I find this weird.
Is it not possible to permit traffic between the third interface and local network even if removing access to the outside interface?
Do I have to buy another license for the 5505?
ip address 192.168.1.1 255.255.255.0
ip address x.x.x.202 255.255.255.248
no forward interface Vlan2
ip address 192.168.17.254 255.255.255.0
access-list CompanyB_access_in extended permit ip any any