I found that the default HTTP inspect policy causes webmail systems like Yahoo, Gmail, HotMail, etc. to be blocked. The problem was that the PIX just generated a general TCP Deny log entry instead of stating the inspect policy was triggered.
In order to get webmail systems working, I had to customize the HTTP policy to allow non-compliant RFC 2616 POSTs.
This must be a common issue for PIX users, but I did not see anything posted about it. If you ran into this problem or have a better solution please post.