I was getting tcp discards to ouside interface. I think I fixed that by using the "static (inside, outiside) tcp interface "
as suggested by others.
Then I eventually get a tcp source denied to the outside interface from the upstream router. SO I modify the access-list to allow the router to the outside interface [ /30 between the hosts]. Then I get a "Deny IP due to land attack" - I know why .
Anyone have a work around or suggestions ? This is all to get BGP peering across the ASA (v 8.0(4))
Can you try this:
ip verify reverse-path interface outside
Let me knoe how it goes,
Here the command ref for it:
Hope that helps,