I assume that you are using DNS for name resolution and that your DNS server provide you with the public IP address of the server. If that is the case, the firewall will be the recipient of the packet and will not place it back on your internal network to the server. What you need to do is setup an 'alias' command for the web server. This will change public IP address to the internal IP address in the DNS reply. See http://www.cisco.com/warp/customer/110/alias.html for a good example of the alias command.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...