could you give me more information?

I already put a static nat

"static (DMZ, outside) tcp interface 7010 10.10.10.2 7010 netmask 255.255.255.255"

Hmm, obvious maybe but is the dmz server listening at port 7010 ? Have you turned on debugging this will help you to see what is going wrong ...

Hi willem,

Yes, in the debug level, I see that everything is permitted. I was not blocking.

Hi,

You could check you firewall settings (which seem ok though) with the command "packet-tracer" from the CLI

For example with the following command:

packet-tracer input tcp 8.8.8.8 1025 41.225.12.250 7010

From the output check especially what the NAT phases of the packet-tracer say.

Also you can use the graphical user interface ASDM to check the realtime  monitor/logging to show what happens to the TCP connection. (For example if the connection is torn down because of SYN timeout or perhaps just TCP Reset)

And if you want to go even more deeper you can create a traffic capture on the ASAs outside interface for this traffic and view the capture on Wireshark for example to see whats happening on the connection.

PS. I guess you have changed you configurations abit since your attached configuration and the outside interface mentioned in the replys are different (

Foptique -> outside)

- Jouni

Hi

Thank you for your help,

I'll do the test with Packet trace just when I returned to the office and give you the answer.

Concerning the name of the interface, I changed it in the discuss to be meaningful.