I have an ASA5505 connected to one ISP router. The ISP has given me two different subnets instead of just one (nothing to do about it).
Subnet 1: 87.54.x.x/29
Subnet 2: 195.41.x.x/29
I have some static NAT's on the 87.54.x.x addresses and that is working fine. I have tried to create on static NAT on a 195.41.x.x interface. When i connect to the server i get the following error in the log: Deny TCP reverse path check from 87.54.x.x to 195.41.x.x on interface outside.
I have a 0.0.0.0 route on the outside interfacing to the ISP router on the 87.54.x.x network.
The problem is that althoug i have configured ACL's for the traffic for the 195.41.x.x address it does not seem to work proberly, i suspect that the ASA protects the network (and is telling me this with the Deny TCP path check log entry) but i need traffic in to my network.
Do i need to create a route to the 195.41.x.x network or do I need to add the 195.41.x.x IP address as a secondary ip address on the outside interface.