Hi everybody

I'm trying to configure a 515E + failover unit and I' ve a little problem Let's imagine the following scenario:

Inside network 192.168.10.0 255.255.255.0 on interface "inside" ethernet1 security 100 100full

ISDN router 192.168.20.250 255.255.255.0 on interface "outside" ethernet0 security 0 10full

WWW Server 192.168.30.1 255.255.255.0 on interface "opti" ethernet3 security80 100full

LAN 192.168.210.0 255.255.255.0 on interface "router" ethernet2 security60

100fulll

The other two interfaces are unused. The basic configuration is intended to allow internet access and WWW Server access for users in "inside" and "router"

Internet and WWW access for "inside" and "router":

nat (inside) 1 0 0 -- open connections in lesser secure interfaces

nat (router) 1 0 0 -- open connections in lesser secure interfaces

global (outside) 1 192.168.20.5 netmask 255.255.255.0 -- outbound PAT address for the Internet

global (opti) 1 192.168.30.5 netmask 255.255.255.0 -- PAT for WWW Server

This should permit traffic from "router" to internet and from "inside" to internet and WWWServer, but access to WWWServer from "inside" doesn't work. As "router" is less secure than "opti" I have configured the following to allow access from "router" to "opti":

static(opti,router) 192.168.20.1 192.168.30.1 netmask 255.255.255.0

access-list router_out permit tcp any any eq http

access-list router_out permit tcp any any eq domain

access-list router_out permit udp any any eq domain

access-group router_out in interface router

As you can see, is quite simple... but I can't give access to WWWServer from "inside". Access from "router" works properly.

Can anybody tell me what's happening?

Thanks a lot in advance.