Dear all,

The Cisco ASA firewall has been upgraded from version 8.2 to version 9.12 and the configuration done accordingly.

With the new configuration, the services are not working.

Thanks to advise on the solution.

Scenarios are as follows:

1. Inbound Mail
2. Web Mail
3. Web Server

Version 8.2 Configuration:

Inbound ACL:

access-list out_in extended permit tcp any host Mail-Server-Public-IP eq smtp
access-list out_in extended permit tcp any host Web-Mail-Public-IP eq https

access-list out_in extended permit tcp any host Web-Server-Public-IP eq https

Outbound ACL:

access-list in_out extended permit ip y.y.y.y 255.255.255.0 any

NAT:

static (dmz,outside) tcp Mail-Server-Public-IP smtp Mail-Server-IP smtp netmask 255.255.255.255
static (inside,outside) tcp Web-Mail-Public-IP https Web-Mail-IP https netmask 255.255.255.255 
static (inside,outside) tcp Web-Server-Public-IP https Web-Server-IP https netmask 255.255.255.255

global (outside) 1 z.z.z.z netmask 255.0.0.0

nat (inside) 1 0.0.0.0 0.0.0.0

Version 9.12 Configuration:

Objects:

object network Mail-Server-IP
 host a.a.a.a
object network Mail-Server-Public-IP

 host b.b.b.b

object network Web-Mail-IP
 host c.c.c.c
object network Web-Mail-Public-IP

 host d.d.d.d

object network Web-Server-IP
 host e.e.e.e
object network Web-Server-Public-IP

 host f.f.f.f

object network OBJ-Internet
 host x.x.x.x

object service OBJ-TCP-https
 service tcp source eq https

Inbound ACL:

access-list out_in extended permit tcp any host Mail-Server-Public-IP eq smtp
access-list out_in extended permit tcp any host Web-Mail-Public-IP eq https

access-list out_in extended permit tcp any host Web-Server-Public-IP eq https

Outbound ACL:

access-list in_out extended permit ip y.y.y.y 255.255.255.0 any

NAT:

nat (dmz,outside) source static Mail-Server-IP Mail-Server-Public-IP

nat (inside,outside) source static Web-Mail-IP Web-Mail-Public-IP service OBJ-TCP-https OBJ-TCP-https

nat (inside,outside) source static Web-Server-IP Web-Server-Public-IP service OBJ-TCP-https OBJ-TCP-https

nat (inside,outside) after-auto source dynamic any OBJ-Internet description PAT