05-20-2011 01:13 PM - edited 03-11-2019 01:36 PM
I have recently deployed a Cisco ASA 5510 Security Plus firewall on my company's network, but
there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside) we are not able to hit any of our sites that are on the (outside). I have NAT policies in place to translate the public to private, but I think that I need something more. This seems to be occurring mainly with our external web sites, as well as another anomaly with regards to FTP (but it may be fixed if the HTTP issue is resolved).
I was hoping someone with a lot more knowledge on ASA firewalls than myself can spot the error in my run-cfgs.
: Saved
:
ASA Version 8.2(4)
!
hostname New_FW1
domain-name company_name.com
enable password yI1seDbeR7X1IlFN encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address X.X.X.71 255.255.255.192
!
interface Ethernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 10.250.1.2 255.255.0.0
!
interface Ethernet0/2
speed 100
duplex full
nameif wireless
security-level 75
ip address 192.168.50.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.180.1 255.255.255.0
management-only
!
banner exec ** W A R N I N G **
banner exec Unauthorized access prohibited. All access is
banner exec monitored, and trespassers shall be prosecuted
banner exec to the fullest extent of the law.
banner login ** W A R N I N G **
banner login Unauthorized access prohibited. All access is
banner login monitored, and trespassers shall be prosecuted
banner login to the fullest extent of the law.
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name beaconservices.com
object-group service weblogic-services tcp
port-object eq 5001
port-object eq 6001
port-object eq 7001
port-object eq 9001
object-group service web-services tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_0 tcp
group-object weblogic-services
group-object web-services
object-group network ftp-servers
network-object host X.X.X.72
network-object host X.X.X.90
object-group network web-servers
network-object host X.X.X.117
network-object host X.X.X.121
network-object host X.X.X.73
network-object host X.X.X.74
network-object host X.X.X.82
network-object host X.X.X.83
network-object host X.X.X.87
network-object host X.X.X.92
network-object host X.X.X.88
network-object host X.X.X.89
network-object host X.X.X.66
object-group network terminal-servers
network-object host X.X.X.75
network-object host X.X.X.77
network-object host X.X.X.90
object-group network mail-servers
network-object host X.X.X.86
object-group network lotusnotes-server
network-object host X.X.X.66
object-group network weblogic-servers
network-object host X.X.X.79
object-group service ftp-services tcp
port-object eq ftp
port-object eq ftp-data
object-group service remotedesktop-services tcp
port-object eq 3389
object-group service lotus-services tcp
port-object eq lotusnotes
port-object eq smtp
object-group icmp-type ping-services
icmp-object echo
icmp-object echo-reply
icmp-object information-reply
icmp-object information-request
icmp-object traceroute
object-group service DM_INLINE_TCP_1 tcp
group-object lotus-services
group-object web-services
object-group service DM_INLINE_TCP_2 tcp
group-object ftp-services
group-object remotedesktop-services
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
access-list outside extended permit tcp any object-group ftp-servers object-group ftp-services
access-list outside extended permit tcp any object-group mail-servers eq smtp
access-list outside extended permit tcp any object-group terminal-servers object-group remotedesktop-services
access-list outside extended permit tcp any object-group web-servers object-group web-services
access-list outside extended permit tcp any object-group weblogic-servers object-group DM_INLINE_TCP_0
access-list outside extended permit tcp object-group mail-servers host X.X.X.66 object-group DM_INLINE_TCP_1
access-list outside extended permit tcp any host X.X.X.66 eq lotusnotes
access-list outside extended permit tcp any host X.X.X.73 object-group web-services
access-list outside extended permit tcp any host X.X.X.74 object-group web-services
access-list outside extended permit tcp any host X.X.X.75 object-group remotedesktop-services
access-list outside extended permit tcp any host X.X.X.77 object-group remotedesktop-services
access-list outside extended permit tcp any host X.X.X.79 object-group weblogic-services
access-list outside extended permit tcp any host X.X.X.80 object-group web-services
access-list outside extended permit tcp any host X.X.X.82 object-group web-services
access-list outside extended permit tcp any host X.X.X.83 object-group web-services
access-list outside extended permit tcp any host X.X.X.89 object-group web-services
access-list outside extended permit tcp any host X.X.X.87 object-group web-services
access-list outside extended permit tcp any host X.X.X.90 object-group DM_INLINE_TCP_2
access-list outside extended permit tcp any host X.X.X.92 object-group web-services
access-list outside extended permit tcp any host X.X.X.117 object-group web-services
access-list outside extended permit tcp any host X.X.X.121 object-group web-services
access-list outside extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list outside extended permit icmp any any time-exceeded
access-list inside extended permit ip any any
access-list inside extended permit icmp any any object-group ping-services
access-list inside extended permit udp any any
pager lines 24
logging enable
logging asdm critical
mtu outside 1500
mtu inside 1500
mtu wireless 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
global (outside) 1 X.X.X.67
nat (inside) 1 10.250.0.0 255.255.0.0
nat (wireless) 1 192.168.50.0 255.255.255.0
static (inside,outside) X.X.X.86 10.250.1.6 netmask 255.255.255.255
static (inside,outside) X.X.X.90 10.250.1.90 netmask 255.255.255.255
static (inside,outside) X.X.X.66 10.250.1.62 netmask 255.255.255.255
static (inside,outside) X.X.X.73 10.250.1.101 netmask 255.255.255.255
static (inside,outside) X.X.X.89 10.250.1.103 netmask 255.255.255.255
static (inside,outside) X.X.X.82 10.250.1.106 netmask 255.255.255.255
static (inside,outside) X.X.X.83 10.250.1.107 netmask 255.255.255.255
static (inside,outside) X.X.X.92 10.250.1.108 netmask 255.255.255.255
static (inside,outside) X.X.X.79 10.250.1.109 netmask 255.255.255.255
static (inside,outside) X.X.X.117 10.250.1.110 netmask 255.255.255.255
static (inside,outside) X.X.X.87 10.250.1.111 netmask 255.255.255.255
static (inside,outside) X.X.X.74 10.250.1.112 netmask 255.255.255.255
static (inside,outside) X.X.X.121 10.250.1.113 netmask 255.255.255.255
static (inside,outside) X.X.X.80 10.250.1.100 netmask 255.255.255.255
static (inside,outside) X.X.X.75 10.250.1.75 netmask 255.255.255.255
static (inside,outside) X.X.X.77 10.250.1.77 netmask 255.255.255.255
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 X.X.X.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.180.0 255.255.255.0 management
snmp-server location Town, CA, USA
snmp-server contact Tech Services, xxx-xxx-xxxx, tech_services@company_name.com
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.250.0.0 255.255.0.0 inside
telnet timeout 60
ssh 10.250.0.0 255.255.0.0 inside
ssh timeout 60
console timeout 0
management-access management
dhcpd address 192.168.180.11-192.168.180.20 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server inside 10.250.1.90 C:\TFTP-Root
webvpn
username cisco password sS5u3RUdRWfZ5jw2 encrypted
!
class-map inspection_default
match default-inspection-traffic
class-map class_pptp
match port tcp eq 1728
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect http
class class_pptp
inspect pptp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:4ff081b35de56518fea99cd8c3a2fbbb
: end
asdm image disk0:/asdm-635.bin
no asdm history enable
05-24-2011 10:50 PM
Hi Tech,
I went through the posting and what I understood is that you are trying to access your web server, which is internally hosted, from the inside itself.
What about the DNS server for internal people: is it internal DNS or external DNS?
Are internal users resolving the public IP or the private IP for the web server?
If you are using a public DNS server or resolving the public IP from DNS, you have to enable something called DNS doctoring on your static NAT statement, for example:
static (inside,outside) X.X.X.86 10.250.1.6 netmask 255.255.255.255 dns
static (inside,outside) X.X.X.90 10.250.1.90 netmask 255.255.255.255 dns
!--- The "dns" keyword is added to instruct the security appliance to modify
!--- DNS records related to this entry
For more info, go through this document:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
Hope this is informative for you.
walter
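As an added illustration (not walter's or Cisco's code), here is a small Python model of what the `dns` keyword on a static NAT entry makes the ASA do to an A record in a DNS reply that passes through it with DNS inspection enabled (the posted config does enable `inspect dns`): a mapped outside address is swapped for the real inside address, so inside clients resolve the private IP and never try to hairpin to the public one. The NAT pairs mirror the thread's two example `static` lines; because the public addresses are masked as X.X.X, the placeholder documentation range 203.0.113.x stands in for them.

```python
import struct
from ipaddress import IPv4Address

# Hypothetical NAT table mirroring the thread's "static (inside,outside) ... dns" lines.
# Public side is masked (X.X.X) in the thread, so 203.0.113.x is a placeholder.
STATIC_NAT_DNS = {
    "203.0.113.86": "10.250.1.6",
    "203.0.113.90": "10.250.1.90",
}

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name at off."""
    while True:
        length = msg[off]
        if length == 0:                 # root label ends an uncompressed name
            return off + 1
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def doctor_dns_reply(msg, nat_table=STATIC_NAT_DNS):
    """Rewrite A-record RDATA as DNS doctoring does: mapped -> real address.
    Returns (rewritten_message, number_of_records_changed)."""
    out = bytearray(msg)
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:              # QR bit clear: a query, nothing to doctor
        return bytes(out), 0
    off = 12
    for _ in range(qd):                 # question: name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    changed = 0
    for _ in range(an + ns + ar):       # every resource record in the reply
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            real = nat_table.get(str(IPv4Address(msg[off:off + 4])))
            if real:
                out[off:off + 4] = IPv4Address(real).packed
                changed += 1
        off += rdlen
    return bytes(out), changed

def build_a_reply(qname, addr, txid=0x1234, ttl=300):
    """Constructed sample reply: one question plus one A answer (compressed name)."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + IPv4Address(addr).packed
    return header + question + answer
```

Without the `dns` keyword the reply would pass unchanged and an inside host would connect to the public address, which is the symptom described in the question.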