ASA 5505 DMZ configuration

czone51334 (Level 1)

Having trouble configuring a web server in the DMZ on an ASA 5505 with Security Plus. I can access the internal server from the web server and can VNC to the web server, but the web server can't access the internet and internet users can't access the web server.



a.alekseev (Level 7)

Show the configuration...

Here is the running config.

access-list dmztoinside extended permit tcp host 10.0.10.3 host 10.0.20.3 eq www
access-list dmztoinside extended permit tcp host 10.0.10.3 host 10.0.20.3 eq 5900
access-list dmztoinside extended permit tcp host 10.0.10.3 host 10.0.20.3 eq 5349
access-list dmztoinside extended permit tcp host 10.0.10.3 host 10.0.20.3 eq 5001
access-list dmztoinside extended permit tcp host 10.0.10.3 host 10.0.20.3 eq domain
access-list dmztoinside extended permit udp host 10.0.10.3 host 10.0.20.3 eq domain
access-list dmztoinside extended deny ip any 10.0.0.0 255.0.0.0
access-list dmztoinside extended permit ip 10.0.10.0 255.255.255.0 any
no nat (inside) 1 10.0.10.0 255.255.255.0
nat (dmz) 1 10.0.10.0 255.255.255.0
no static (dmz,outside) 10.0.10.3 yyy.yyy.yyy.yyy netmask 255.255.255.255
static (dmz,outside) yyy.yyy.yyy.yyy 10.0.10.3 netmask 255.255.255.255
access-list outsidedmz extended permit tcp any host yyy.yyy.yyy.yyy eq www
access-list outsidedmz extended permit tcp any host yyy.yyy.yyy.yyy eq https
access-list outsidedmz extended permit tcp any host yyy.yyy.yyy.yyy eq ftp

Thanks, that has part of the problem resolved: the web server in the DMZ can now access the internet. However, the internet still can not access the web server; I still get "page cannot be displayed".

The configuration looks fine. Have you tried FTP? Maybe it's just an issue with browsing to the server. Try allowing remote desktop (on both the server and the ASA) and see if that works also.

If I go to my internal server (10.0.20.3) I can open the web page on the DMZ web server 10.0.10.3 OK. I can surf the internet using IE from the DMZ web server OK. If I attempt to access the web page http://12.214.95.51/Winnebago/index.asp I get "page can't be displayed". That tells me the web server is OK, but requests still aren't making it to the web server. Is there any ACL to direct all web ports to port 80? I noticed my request originated on a dynamic port when viewed with netstat -an.

Could it be that PAT needs to be configured in some way to direct HTTP traffic to the web server 10.0.10.3?

What is yyy.yyy.yyy.yyy?

12.214.95.51

Is it a DHCP-assigned IP address on the outside interface?

Yes, it is supposed to be a "sticky" IP address. Media Comm uses them instead of assigning a static IP; supposedly the 5505 should always get the same IP reassigned. I have tried using the IP address assigned statically to the interface, but that makes no difference: internet works but I can't access the web server from the internet.

Can you verify the IP address on the interface with a show int ip bri?

Yes, the IP 12.214.95.51 is correct when checked with the sh int ip bri command.

Accepted solution:

So in this case:

no static (dmz,outside) yyy.yyy.yyy.yyy 10.0.10.3 netmask 255.255.255.255
global (outside) 1 interface
static (dmz,outside) tcp interface 80 10.0.10.3 80
static (dmz,outside) tcp interface 5900 10.0.10.3 5900
static (dmz,outside) tcp interface 5349 10.0.10.3 5349
static (dmz,outside) tcp interface 5001 10.0.10.3 5001
static (dmz,outside) tcp interface 53 10.0.10.3 53
static (dmz,outside) udp interface 53 10.0.10.3 53

[Pls RATE if HELPS]
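The accepted fix swaps a one-to-one static on the DHCP-assigned outside address for per-port statics on the interface itself, but the thread never re-checks the outside ACL against those statics, and that is where inbound traffic is still silently dropped: in pre-8.3 syntax a port reaches the DMZ host only if an ACL entry permits it on the outside interface and a static translates it. The checker below is an added example for this thread (not Cisco's code or the posters'); it parses the config lines shown above (both the original running config and the accepted solution) and reports ports the outside ACL permits without a static, ports a static forwards that the ACL never permits, and whether the ACL is bound with access-group. The sample config is constructed; the ACL and interface names and 10.0.10.3 follow the thread, while using "interface outside" as the ACL destination for a static on the interface address is an assumption of the example.

```python
"""Cross-check an ASA DMZ port-forwarding setup written in pre-8.3 syntax.

Added example for this thread (not code from Cisco or from the posters).
It parses 'static (dmz,outside) ...' and 'access-list ... extended ...'
lines and reports the mismatches that produce "page cannot be displayed"
from the Internet even after the statics are right.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Standard ASA service keywords that may stand in for port numbers.
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ftp": 21, "domain": 53,
              "ssh": 22, "smtp": 25, "telnet": 23}


@dataclass(frozen=True)
class Static:
    real_ifc: str
    mapped_ifc: str
    proto: str                 # "tcp", "udp", or "ip" for a one-to-one static
    mapped_addr: str           # literal IP or the keyword "interface"
    mapped_port: Optional[int]
    real_addr: str
    real_port: Optional[int]


@dataclass(frozen=True)
class AclEntry:
    name: str
    action: str
    proto: str
    src: str
    dst: str
    port: Optional[int]        # destination port from 'eq', if any


def port_number(token: str) -> int:
    """Resolve '80' or 'www' to an integer port."""
    return int(token) if token.isdigit() else PORT_NAMES[token]


def _take_addr(toks):
    """Consume one ACL address spec: any | host A | interface IFC | NET MASK."""
    if toks[0] == "any":
        return "any", toks[1:]
    return f"{toks[0]} {toks[1]}", toks[2:]


def parse_static(line: str) -> Optional[Static]:
    toks = line.split()
    if toks[:1] != ["static"]:          # 'no static ...' lines are removals; skipped
        return None
    real_ifc, mapped_ifc = toks[1].strip("()").split(",")
    if toks[2] in ("tcp", "udp"):       # static (real,mapped) PROTO MAPPED MPORT REAL RPORT
        return Static(real_ifc, mapped_ifc, toks[2], toks[3], port_number(toks[4]),
                      toks[5], port_number(toks[6]))
    return Static(real_ifc, mapped_ifc, "ip", toks[2], None, toks[3], None)


def parse_acl(line: str) -> Optional[AclEntry]:
    toks = line.split()
    if toks[:1] != ["access-list"] or toks[2:3] != ["extended"]:
        return None
    name, action, proto = toks[1], toks[3], toks[4]
    src, rest = _take_addr(toks[5:])
    dst, rest = _take_addr(rest)
    port = port_number(rest[1]) if rest[:1] == ["eq"] else None
    return AclEntry(name, action, proto, src, dst, port)


def check_inbound(config: str, acl_name: str = "outsidedmz",
                  mapped_ifc: str = "outside"
                  ) -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]], bool]:
    """Return (permitted_without_static, static_without_permit, acl_applied)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    statics = [s for s in map(parse_static, lines) if s and s.mapped_ifc == mapped_ifc]
    entries = [e for e in map(parse_acl, lines) if e and e.name == acl_name]

    one_to_one = any(s.proto == "ip" for s in statics)   # every port already mapped
    forwarded = {(s.proto, s.mapped_port) for s in statics if s.mapped_port is not None}
    permitted = {(e.proto, e.port) for e in entries
                 if e.action == "permit" and e.port is not None}

    permitted_without_static = [] if one_to_one else sorted(permitted - forwarded)
    static_without_permit = sorted(forwarded - permitted)
    acl_applied = f"access-group {acl_name} in interface {mapped_ifc}" in lines
    return permitted_without_static, static_without_permit, acl_applied


# Constructed sample modelled on the thread after the accepted solution: port
# statics on the outside interface address, but an outside ACL that still lists
# https and ftp and never lists 5900 or 53.
SAMPLE_CONFIG = """
global (outside) 1 interface
nat (dmz) 1 10.0.10.0 255.255.255.0
static (dmz,outside) tcp interface 80 10.0.10.3 80
static (dmz,outside) tcp interface 5900 10.0.10.3 5900
static (dmz,outside) tcp interface 53 10.0.10.3 53
static (dmz,outside) udp interface 53 10.0.10.3 53
access-list outsidedmz extended permit tcp any interface outside eq www
access-list outsidedmz extended permit tcp any interface outside eq https
access-list outsidedmz extended permit tcp any interface outside eq ftp
access-group outsidedmz in interface outside
"""

if __name__ == "__main__":
    no_static, no_permit, applied = check_inbound(SAMPLE_CONFIG)
    print("ACL permits but no static translates:", no_static)
    print("static translates but ACL never permits:", no_permit)
    print("access-group bound on outside:", applied)
```

Run against the sample, the checker reports tcp/21 and tcp/443 as permitted but untranslated, and tcp/53, tcp/5900 and udp/53 as translated but never permitted; only tcp/80 is consistent on both sides, which matches what the thread observed (the store could reach the site on port 80). For the original one-to-one static the first list is empty, because a full static maps every port, so the ACL alone decides what is reachable.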

That looks as if it has done it. I can't access the site from the inside, but I had our store pull up the site http://12.214.95.51/winnebago/index.asp OK. Thanks for your help.
