We're trying to deploy a new ASA5505 and Cisco2811 that's behind the FW. The inside of the FW is connected to the router (assigned with a public IP of /30). The LAN range is behind the router, and is to be NAT'd on the outside interface of the FW. Is this logically possible? When I try to do a packet trace from the ASA ASDM, LAN is not able to reach the internet.
Also, from ASDM, what is the difference between the packet trace button from Access rule and the packet trace from NAT rule window? Coz when I added a specific dynamic NAT rule for the LAN range to the outside IP address of the FW (besides from the default dynamic NAT 0.0.0.0 assigned to outside), the packet trace going to the internet is okay. But when I try the packet trace from the access rule window (allowing ip from LAN range to any on inside_access_in), I'm getting a NAT lookup error.