I have an ASA 5505 and nearly everything works great. My only problem is I have a webserver in the DMZ and I can't get access to the internet from it. Now if it was just that I wanted to be able to get updates for the box it wouldn't matter, but I have an app on the server that has to communicate via SSL with a service outside my network, and no traffic goes out that is destined for the internet. The server also accesses a database on the inside network and this works fine. I need a hand, badly.
no access-list outside_access_in extended permit tcp any host 188.8.131.52 eq www
access-list outside_access_in extended permit tcp any interface outside eq www
access-list dmz_access_in extended permit tcp host 192.168.3.2 host 192.168.2.3 eq 1433
access-list dmz_access_in extended deny ip any 10.0.0.0 255.0.0.0
access-list dmz_access_in extended deny ip any 172.16.0.0 255.240.0.0
access-list dmz_access_in extended deny ip any 192.168.0.0 255.255.0.0
access-list dmz_access_in extended permit ip host 192.168.3.2 any
access-group dmz_access_in in interface dmz
nat (dmz) 1 192.168.3.2
You need to change the
nat (inside) 1 192.168.3.0 255.255.255.0
to
nat (dmz) 1 192.168.3.0 255.255.255.0
That should fix your problem.
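A first-match walk through the dmz_access_in lines from the thread, as an added example that is not part of either post: it checks which flows from the DMZ server the ACL itself permits or denies. The final permit line is read with the `host` keyword (an assumption), and 203.0.113.10 is a constructed stand-in for the outside SSL service.

```python
import ipaddress

# ACL lines as posted in the thread (the last permit is read as "host 192.168.3.2").
ACL_TEXT = """\
access-list dmz_access_in extended permit tcp host 192.168.3.2 host 192.168.2.3 eq 1433
access-list dmz_access_in extended deny ip any 10.0.0.0 255.0.0.0
access-list dmz_access_in extended deny ip any 172.16.0.0 255.240.0.0
access-list dmz_access_in extended deny ip any 192.168.0.0 255.255.0.0
access-list dmz_access_in extended permit ip host 192.168.3.2 any
"""

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' and return an IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[3:]          # drop "access-list NAME extended"
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return (action, matching line) using first-match; implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto not in ("ip", proto):
            continue
        if s in r_src and d in r_dst and r_port in (None, dport):
            return action, line
    return "deny", "implicit deny"

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    flows = [("tcp", "192.168.3.2", "192.168.2.3", 1433),   # DMZ server to inside DB
             ("tcp", "192.168.3.2", "192.168.2.3", 3389),   # same host, other port
             ("tcp", "192.168.3.2", "203.0.113.10", 443)]   # constructed outside SSL peer
    for flow in flows:
        print(flow, "->", evaluate(RULES, *flow)[0])
```

The outbound SSL flow is permitted by the ACL, which is consistent with the reply pointing at the nat statement rather than at dmz_access_in.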