I had 1 internal server that is getting out through asa. I added a 2nd server but it does not have access. I've read that the implicit nat rule should work for both and I see nothing in the config that would show otherwise.
10.9.1.3 can currently ping out, browse , etc. 10.9.1.4 cannot.
10.9.1.4 can ping the inside interface and leave the asa, but it does not return.
when I ping with 10.9.1.3 the ping message returns and includes the outside interface in the message.
when the 10.9.1.4 pings, it tries to return, but the outside interface isnt included in the messae.
Pertinent lines on the config.
ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx
asdm location 10.9.1.0 255.255.255.0 SKYHAWK
asdm location 10.9.1.2 255.255.255.255 SKYHAWK
asdm location 10.9.1.4 255.255.255.255 SKYHAWK
object-group service Internet tcp
description HTTP; DNS; HTTPS
port-object eq www
port-object eq domain
port-object eq https
access-list SBC_access_in extended permit tcp any interface CTC eq https
access-list SBC_access_in extended permit tcp any interface CTC eq www
access-list site-tosite1 extended permit ip 10.10.0.0 255.255.0.0 172.17.3.0 255.255.255.0
access-list site-to-stie1 extended permit ip 10.9.1.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list site-tosite2 extended permit ip 10.10.0.0 255.255.0.0 172.17.4.0 255.255.255.0
access-list site-to-stie2 extended permit ip 10.9.1.0 255.255.255.0 172.17.4..0 255.255.255.0
access-list SKYHAWK_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 172.17.3.0 255.255.255.0
access-list SKYHAWK_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 172.17.4.0 255.255.255.0
global (CTC) 10 interface
nat (SKYHAWK) 0 access-list SKYHAWK_nat0_outbound
nat (management) 10 0.0.0.0 0.0.0.0
icmp permit any CTC
icmp permit any echo SKYHAWK
icmp permit any echo-reply SKYHAWK
these 2 lines bother me, Ive had technicians look at the device before, these appear left over, there is no other reference to the names.
access-list SKYHAWK_access_out extended permit ip any any
access-list SKYHAWK_access_in extended permit ip any any
should they be deleted?