I have a brand new configuration. I made the fewest possible modifications for testing. Here are the only changes I made:
Added an IP (+mask) to the outside and inside interface.
Added a nat (inside) 0 0
Added a global (outside) PUBLIC_IP
Added a default route (0 0) to outside.
Did a no shutdown on inside and outside.
Then I put a client on the inside (with an appropriate IP).
I have NO ACLs. Security level inside is 100 and outside is 0.
I fired up the asdm and made it model the packet flow from my inside host to an outside web server's IP address (port 80). Checkmarks everywhere: Packet is allowed!
But while the client can ping the inside interface of the ASA, it cannot connect to the web (with IPs since DNS is not yet configured).
What should I be checking next (besdies the resale value of a slightly used ASA)?
BTW, I'm running the latest 7.2(2) with asdm 5.2.