Need help with static routes on 5510 - not all traffic passes
Hi, here's the scenario:
I have a 5510 as the default gateway for the network, on 184.108.40.206/23.
There is another 5510 on the network on 220.127.116.11, this is the gateway for another network 18.104.22.168/23.
There is one host behind the second 5510 at 22.214.171.124.
There is a route in the first 5510 to route traffic for the 126.96.36.199 network to 188.8.131.52. This works (eventually - after doing some stuff with the NAT between the two networks) and I can ping between the hosts 184.108.40.206 and 220.127.116.11, so I know that there is a traffic path. However, VNC traffic will not pass - and I get Reset-O in the log.
However, if I put a static route into the client on .19 to route via 18.104.22.168, then the VNC will connect.
I conclude therefore that there are issues with the gateway 5510 on 22.214.171.124 where a rule (or rules) is stopping the traffic passing (even though it should be going into and out of the same interface).
The rules are:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Webmail tcp
port-object eq 32000
object-group network ROP
network-object 126.96.36.199 255.255.254.0
object-group protocol TCPUDP
object-group protocol DM_INLINE_PROTOCOL_1
object-group protocol DM_INLINE_PROTOCOL_2
object-group service VNC tcp
port-object eq 5900
access-list IPSecVPN_splitTunnelAcl standard permit 188.8.131.52 255.255.254.0
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside object-group Webmail
access-list outside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any log debugging inactive
access-list inside_nat0_outbound extended permit ip 184.108.40.206 255.255.254.0 220.127.116.11 255.255.255.240
access-list nonat extended permit ip 18.104.22.168 255.255.254.0 22.214.171.124 255.255.255.240
access-list nonat extended permit ip 126.96.36.199 255.255.254.0 188.8.131.52 255.255.254.0
access-list inside_nat0_outbound_1 extended permit ip 184.108.40.206 255.255.254.0 220.127.116.11 255.255.255.240
access-list inside_nat0_outbound_2 extended permit ip 18.104.22.168 255.255.254.0 22.214.171.124 255.255.254.0
access-list inside_nat0_outbound_2 extended permit ip 126.96.36.199 255.255.254.0 host 188.8.131.52
access-list inside_access_out extended permit tcp any any object-group VNC
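The post's symptom (VNC fails when the client uses its default gateway, works once the client has a static route straight to the second 5510) is easiest to reason about by tracing each direction of the flow hop by hop and asking which stateful device sees it. The following is an added example, not part of the post or the poster's configuration: it models the described topology with constructed RFC 1918 stand-in addresses (10.1.0.0/23 for the first network, 10.2.0.0/23 for the network behind the second 5510, .19 for the VNC host) and plain longest-prefix-match forwarding, and reports for each ASA whether it sees both directions of the connection and whether it forwards the packet back out the interface it arrived on. The assumption that the second ASA delivers return traffic directly onto the shared subnet is ordinary IP routing for a directly connected destination, not something the post states.

```python
import ipaddress
from dataclasses import dataclass, field

# Added model of the topology described in the post. Addresses are
# constructed RFC 1918 stand-ins for the post's two /23 networks, not the
# values in the post; forwarding is plain longest-prefix-match IP routing.

@dataclass
class Node:
    name: str
    addrs: list                                  # ip_interface per attached subnet
    routes: list = field(default_factory=list)   # (ip_network, next-hop ip_address)
    stateful: bool = False                       # True for the two ASAs

    def owns(self, ip):
        return any(ip == a.ip for a in self.addrs)

    def link_to(self, ip):
        """Attached subnet that contains ip, or None if ip is not directly connected."""
        for a in self.addrs:
            if ip in a.network:
                return a.network
        return None

    def next_hop(self, ip):
        """Longest-prefix match over static routes; None means deliver directly."""
        if self.link_to(ip) is not None:
            return None
        best = None
        for net, nh in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        if best is None:
            raise LookupError(f"{self.name}: no route to {ip}")
        return best[1]


IP, NET = ipaddress.ip_address, ipaddress.ip_network
NET1, NET2 = NET("10.1.0.0/23"), NET("10.2.0.0/23")   # constructed stand-ins
HOST_A, HOST_B = IP("10.1.0.100"), IP("10.2.0.19")    # client and the .19 VNC host


def build(client_static_route):
    """Build the four nodes; client_static_route mirrors the post's workaround."""
    iface = ipaddress.ip_interface
    asa1 = Node("ASA1", [iface("10.1.0.1/23")],
                routes=[(NET2, IP("10.1.0.2"))], stateful=True)   # route to 2nd ASA
    asa2 = Node("ASA2", [iface("10.1.0.2/23"), iface("10.2.0.1/23")], stateful=True)
    host_a = Node("hostA", [iface("10.1.0.100/23")],
                  routes=[(NET("0.0.0.0/0"), IP("10.1.0.1"))])     # default gw = ASA1
    if client_static_route:
        host_a.routes.append((NET2, IP("10.1.0.2")))               # straight to ASA2
    host_b = Node("hostB", [iface("10.2.0.19/23")],
                  routes=[(NET("0.0.0.0/0"), IP("10.2.0.1"))])     # default gw = ASA2
    return [asa1, asa2, host_a, host_b]


def trace(nodes, src, dst):
    """Follow one packet hop by hop. Returns (path of node names, hairpin node names)."""
    owner = {a.ip: n for n in nodes for a in n.addrs}
    node, ingress, path, hairpins = owner[src], None, [], []
    for _ in range(16):                       # guard against routing loops
        path.append(node.name)
        if node.owns(dst):
            return path, hairpins
        nh = node.next_hop(dst)
        target = dst if nh is None else nh
        egress = node.link_to(target)
        if node.stateful and ingress is not None and ingress == egress:
            hairpins.append(node.name)        # in and out of the same interface
        node, ingress = owner[target], egress
    raise RuntimeError("routing loop")


def path_report(client_static_route):
    """Which stateful device sees each direction of the hostA<->hostB flow."""
    nodes = build(client_static_route)
    fwd, hairpins = trace(nodes, HOST_A, HOST_B)
    rev, _ = trace(nodes, HOST_B, HOST_A)
    report = {}
    for n in nodes:
        if n.stateful:
            report[n.name] = {
                "sees_forward": n.name in fwd,
                "sees_reverse": n.name in rev,
                "hairpin": n.name in hairpins,
            }
    return fwd, rev, report


if __name__ == "__main__":
    for workaround in (False, True):
        fwd, rev, report = path_report(workaround)
        print("client static route:", workaround)
        print("  A->B:", " -> ".join(fwd))
        print("  B->A:", " -> ".join(rev))
        for name, r in report.items():
            flag = "SYMMETRIC" if r["sees_forward"] == r["sees_reverse"] else "ASYMMETRIC"
            print(f"  {name}: {flag}, hairpin={r['hairpin']}")
```

With the client using its default gateway, the first ASA carries the client-to-server direction (hairpinned out the interface it came in on) but never sees the server-to-client direction, so a stateful device in that position only ever observes half of the TCP handshake; with the client's static route both directions pass through the second ASA alone. Which of those two facts explains a given Reset-O is something to confirm against the ASA's own connection and syslog records rather than assume from the model.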
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...