"•(Routed mode) The default real and mapped interface is Any, which applies the rule to all interfaces.
•(8.3(1), 8.3(2), and 8.4(1)) The default behavior for identity NAT has proxy ARP disabled. You cannot configure this setting. (8.4(2) and later) The default behavior for identity NAT has proxy ARP enabled, matching other static NAT rules. You can disable proxy ARP if desired. See the "Routing NAT Packets" section for more information.
•If you specify an optional interface, then the ASA uses the NAT configuration to determine the egress interface. (8.3(1) through 8.4(1)) The only exception is for identity NAT, which always uses a route lookup, regardless of the NAT configuration. (8.4(2) and later) For identity NAT, the default behavior is to use the NAT configuration, but you have the option to always use a route lookup instead. See the "Routing NAT Packets" section for more information."
Please also refer to "Cisco ASA 5500 Series Configuration Guide using the CLI 8.4"
The egress interface selection has been a bit of an headache for me at some points and a source of confusion. I have read the exact same things you have mentioned in your post about the software level after which the behaviour of the ASA should change.
However, we for example have a couple of ASAs running 8.4(2) that still dont act as the Cisco documentation states which I find very dissapointing.
If there is no problems with the configurations (as it seems the NAT configuration is at the very top) you probably need to move to 9.0(x) or 9.1(x) software where I have found that the NAT works as is described in the documentation. Most of my tests are done on original ASA series so they dont support the software you are using. (Its the starting software for ASA5500-X Series) I use 8.4(5) and upwards for my tests
If there would be no errors in the configuration then I would say the problem might be on the software level even though the documentation indicates that it should work in your software. Then again as I said already, the documentation has been proven wrong by myself once already.
I was wondering if we could get any output with "packet-tracer" but the problem might be that the traffic is supposed to be entering from a L2L VPN connection.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...