hi ,

i have to access my internel server (172.18.1.17/24) from public interface (OUT_FO: 41.231.82.254) in http. but the access is not working.

my config is in attachements

here is the result of command "packet tracer" and it shows that i have a problem in NAT (Phase 5)

!!!!!!!!!!!!!!!!

packet-tracer input out_FO tcp 41.231.8.90 80 172.18.1.17 80 detailed

Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.18.1.0 255.255.255.0 lan

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group from-FO in interface OUT_FO
access-list from-FO extended permit tcp any object newmigAIFT eq www
Additional Information:
Forward Flow based lookup yields rule:
in id=0xace9cfd0, priority=13, domain=permit, deny=false
hits=1330, user_data=0xa907e080, cs_id=0x0, use_real_addr, flags=0x0, pr otocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=172.18.1.17, mask=255.255.255.255, port=80, dscp=0x0
input_ifc=OUT_FO, output_ifc=any

Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacd429b0, priority=0, domain=inspect-ip-options, deny=true
hits=7834, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=OUT_FO, output_ifc=any

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group out-lan out interface lan
access-list out-lan extended permit tcp any any
Additional Information:
Forward Flow based lookup yields rule:
out id=0xad469c98, priority=13, domain=permit, deny=false
hits=1448, user_data=0xa907d100, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=any, output_ifc=lan

Phase: 5
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
object network newAIFTFO
nat (lan,OUT_FO) static interface service tcp www www
Additional Information:
Forward Flow based lookup yields rule:
out id=0xaccd9c58, priority=6, domain=nat-reverse, deny=false
hits=1331, user_data=0xace56d70, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=172.18.1.17, mask=255.255.255.255, port=80, dscp=0x0
input_ifc=OUT_FO, output_ifc=lan

Result:
input-interface: OUT_FO
input-status: up
input-line-status: up
output-interface: lan
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

please HELP !!!