Cisco ASA and Websense

ALIAOF_
Level 6

We have a Cisco ASA 5520 and Websense. I added a filter, but it seems like it is still not allowing us to access a certain website from most of the machines; however, some machines with the same configuration work on the DMZ.

Accessing the website tells us "Firefox has detected that the server is redirecting the request for this address in a way that will never complete".

Filter I applied on the firewall:

filter url except 0.0.0.0 0.0.0.0 64.18.218.0 255.255.255.0 allow

filter https except 0.0.0.0 0.0.0.0 64.18.218.0 255.255.255.0 allow


9 Replies

Julio Carvajal
VIP Alumni

Hello Mohammad,

Can you clear the local-host table for the internal users that are having this issue and then give it a try?

Also, can you correlate whether the ASA is redirecting that traffic to the Websense using captures?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Did that; cleared the xlate for one specific host to see if that would solve the issue, still the same thing. I worked with Cisco TAC too, and they ran captures and got the same results that I got. We have two ISPs and two different firewalls; I routed traffic to this website via the second ISP and second firewall, same results. The interesting thing is that two machines on our DMZ work. I put a desktop on the DMZ and it didn't work. My own laptop works from any other network, but as soon as I put it on our network it does not work.

I used the filter exception so that it bypasses Websense, even removed the Websense configuration completely from the ASA, still the same results.

Hello Mohammad,

Are the 2 ASAs in failover mode?

Okay I liked this part:

even removed websense configuration completely from the ASA still the same results.

Okay, so you removed the Websense, did a clear local, and it did not work? Do you remember if you did a clear local-host after removing the Websense configuration?

Can you send me the case number in a private message so I can take a look at it and help you?

Rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Found something interesting. If I NAT any of the internal IPs to one of the other available IPs we have from our ISP, the website works.

Hello Mohammad,

That is why I need it to check the captures

Now two things could be happening:

A- ISP is blocking the traffic coming from their webserver to your public IP, or from your public IP to their webserver

B- Their webserver has blacklisted the IP address you are using on that NAT

That is why, when you use a different one, it works

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

There should be captures attached to the case; if not, let me know and I can email them to you. I have also contacted their tech support and am waiting to hear back from them. If either side has blacklisted the IP(s), would we get this in our browser when trying to access the website, though?

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Checking the captures

On the captures I do not see anything related to an error. I see an HTTP 1.1 302 redirect message, but that is normal (that just says the resource or HTTP server is now on a different URI).

But they exchange data regularly. I do not know if those captures are the ones taken while the issue happens, as I can see a 3-way handshake and both client and server exchanging data.

I think we are going to need brand new captures:

capture capin interface inside match tcp host real_host_ip host http_server eq 80

capture capout interface outside match tcp host Natted_Ip host http-server eq 80

Send an HTTP request and send me both captures.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
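Julio's point above is that a single 302 in a capture is normal; what Firefox is complaining about is a redirect chain that never terminates. The following is an added example (not from this thread or from Cisco) that follows a redirect chain offline, against a constructed table of responses, and classifies it as a clean redirect, a loop, or an over-long chain. The two egress addresses, the hostname and the redirect targets are constructed placeholders chosen to mirror the situation in the thread, where the same request behaves differently depending on which public IP it leaves from.

```python
"""Classify an HTTP redirect chain: normal 302, redirect loop, or too long.

Added example, not code from the Cisco Community thread. It runs against a
constructed response table so it needs no network access; swap the table
for real responses (status, Location header) captured from a client to
diagnose a live case.
"""
from urllib.parse import urljoin

REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_HOPS = 20  # a browser-style cap on how many redirects to follow

# Constructed sample data. Keys are hypothetical public (NATed) egress IPs;
# values map a request URL to the (status, Location) the server answered.
# 203.0.113.10 models the "blocked" address from the thread: the server
# bounces the client between two URLs forever. 203.0.113.11 models the
# alternate address: one ordinary 302 to HTTPS and then a 200.
RESPONSES_BY_EGRESS = {
    "203.0.113.10": {
        "http://www.example.com/": (302, "http://www.example.com/blocked"),
        "http://www.example.com/blocked": (302, "/"),
    },
    "203.0.113.11": {
        "http://www.example.com/": (302, "https://www.example.com/"),
        "https://www.example.com/": (200, None),
    },
}


def follow_redirects(responses, start_url, max_hops=MAX_HOPS):
    """Walk the redirect chain from start_url using the given response table.

    Returns (outcome, chain) where outcome is one of:
      'ok'       - chain ended in a non-redirect response
      'loop'     - a URL was revisited, i.e. the chain can never complete
      'too_many' - more than max_hops redirects without reaching a final page
      'unknown'  - the table has no response for a URL in the chain
    """
    chain = [start_url]
    seen = {start_url}
    url = start_url
    for _ in range(max_hops):
        status, location = responses.get(url, (None, None))
        if status is None:
            return "unknown", chain
        if status in REDIRECT_STATUSES and location:
            # Location may be relative; resolve it against the current URL.
            url = urljoin(url, location)
            chain.append(url)
            if url in seen:
                return "loop", chain
            seen.add(url)
            continue
        # Any non-redirect status ends the chain normally.
        return "ok", chain
    return "too_many", chain


def compare_egress(start_url, tables=RESPONSES_BY_EGRESS):
    """Summarise the outcome per egress IP, as the thread's NAT test did."""
    return {ip: follow_redirects(table, start_url)[0] for ip, table in tables.items()}


if __name__ == "__main__":
    for ip, outcome in compare_egress("http://www.example.com/").items():
        print(f"egress {ip}: {outcome}")
```

The useful part for triage is the `chain` list: a `loop` outcome with the same URL at both ends tells you the 302s are the symptom, not the cause, and the per-egress comparison reproduces the thread's conclusion that the difference is the source address the remote side sees rather than anything in the ASA or Websense path.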

Ok, so here is the update: we were all right, and the captures are fine; the 3-way handshake looks good, but the website still wasn't working. After I changed the NATed IP to one of the other IPs we have available, it worked. So that led me in a different direction, and after contacting the website's technical support people I found out that our IP was blocked on their side. I wish there were something more descriptive they would throw at the clients when they block their IP for any reason, lol. Thank you for your help with this.

Hello Mohammad,

WOW, really? You are correct; maybe they could send a reset packet, and that could have led us to the problem faster.

At least we were right regarding the blacklisted IP.

Can you mark the question as answered, so future users can learn from this topic?

Have a great day

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC