I'm sure this is a simple configuration issue but here is my issue:
We are running an HTTPS service on a host that is connected to our DMZ network on our ASA. This host and ASA can communicate just fine. I've created an ACL rule that allows HTTPS traffic from the outside world to the host's DMZ IP address. I've also created a static NAT for the host's DMZ IP address to the host's public IP address. A request from the outside world creates a connection and can be seen via Wireshark on the host. However, a full handshake does not complete.
I see the following on the ASA:
show conn reports
TCP Internet 173.3.X.X:46061 DMZ 10.18.X.X:443, idle 0:00:00, bytes 0, flags SaAB
During this connection in Wireshark on the host I see the HTTPS request coming from the 173.3.X.X address which is followed by the host performing an ARP request asking who owns 173.3.X.X. This is where the communications chain stops. The 173.3.X.X host continues to try to access the site and I see the requests in Wireshark. I see the DMZ host continually request ARP for who owns 173.3.X.X but it never receives a reply.
Other hosts on this DMZ are working with other services (i.e. SMTP) but this one is not.
My ACL is:
access-list Internet_IN extended permit tcp any host 10.18.X.X eq https
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...