1049 Views, 10 Helpful, 14 Replies

unable to public server

Kayson Daley, Level 1

This is driving me a little crazy, so any help would be nice. I am having trouble with a public server. I was able to set one up for SMTP and it seems to work, but when I tried doing one for the web server using HTTPS and HTTP I am having issues. I am unable to get to the servers after setting them up. I have tried a few different Access Rules and NAT Rules but I just can't seem to get this to work. I have an ASA 5506. Attached is my current running config. I am not running a DMZ. I would be glad for any help!

Accepted Solution

Hi

 

We got a private IM about your concern, and the answer was:

You won't be able to ping your outside IP from the internal zone, and not even your NAT public IP. If you look at your logs (try pinging your NAT public IP), you should see a message like Deny IP due to Land Attack from

 

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


14 Replies

Francesco Molino, VIP Alumni

Hi,

I'm sorry, but I don't understand what issue you're facing.

I checked your config and you have 2 NATs that seem to be OK.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Well, I set up these public servers to allow our web servers to make a site accessible off-network via SSL/HTTPS. But I cannot seem to get it to work.

Hi

Did you do the capture?

For the firewall rules, everything is fine, but as has been said, you can do some cleanup and/or tweak the existing rules/NAT.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Doing the capture led me to test on my cell phone. I am still trying to find what is stopping it from being accessible from the inside.

Ajay Saini, Level 7

Can you confirm if the issue is with 20.1.1.37? I see that you have NAT and access rules allowing SMTP and HTTPS traffic. Please attach packet-tracer output for 20.1.1.37 and port 443 and let's see what the ASA is doing with this traffic.

I would also advise removing the NAT statement below, since there is already one in the twice NAT section. Use of the 'any' keyword in a NAT statement can sometimes give us unexpected results:

object network obj_any
 nat (any,outside) dynamic interface

In the future, it would be best if you could attach some more useful info like the related IP addresses, packet-tracer output, etc. It saves time for everyone.

-

AJ

Yeah, I removed that one. Well, 20.1.1.37 is the IP for the web server. There are two that I am trying to make public; the other is 20.1.1.6. The outside IPs are 85.150.14.26 & .29.

Sorry about not giving enough info.

OK, so 20.1.1.6 maps to 85.150.14.26 and 20.1.1.37 maps to 85.150.14.26.

And you need to access these servers from internet over https. 

Now, please clarify which one is not working. The config seems to be legit, although it can be fine-tuned; we can keep that for a later stage once testing is done.

Can you check whether the IP addresses you are using are routable, if you are using them for the first time? One thing we can do for testing is to create a test NAT using the outside interface and see if that works:

object network owa-server
 nat (inside,outside) static interface service tcp 443 443 

Please test it. If it works, then we will have to check if the public IP addresses you are using are routable.

As a troubleshooting step, we can also set up a capture on the outside interface to see if traffic is arriving for a specific IP address:

cap capo interface outside match ip any host 85.150.14.26

and then initiate traffic on this ip on port 443. 

then take the output of show cap capo

-

AJ

Sorry. After everything, I did figure out that they are showing up outside the network after testing on my cell phone. The problem is that inside my network I cannot access them.

I have checked the DNS and everything seems fine. I still cannot access it from inside the network. I also cannot ping the outside interface from inside the network. Any ideas?

Also, I have turned on our old gateway, which the ASA replaced, and set up a PC to use that as its gateway as a test. I am able to get to the sites with no problem. It seems it only happens via the ASA that we cannot access them on the network.

Hi

Can you tell us what tests you are doing? What isn't accessible?

And please provide packet-tracer logs. 

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


Farhan Mohamed, Cisco Employee

Can you check whether the IP addresses you are using are routable, if you are using them for the first time? One thing we can do for testing is to create a test NAT using the outside interface and see if that works:

object network owa-server
 nat (inside,outside) static interface service tcp 443 443

Please test it. If it works, then we will have to check if the public IP addresses you are using are routable.

As a troubleshooting step, we can also set up a capture on the outside interface to see if traffic is arriving for a specific IP address:

cap capo interface outside match ip any host 85.150.14.26

and then initiate traffic on this ip on port 443. 

then take the output of show cap capo

Thanks for the help; that kind of led me to some more testing, and I found out that I can access it, but just not from inside my network. I now have to figure out what is blocking it from inside. Maybe I need to set up a NAT loopback?
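The NAT loopback the poster is asking about is called hairpin NAT on the ASA. The configuration below is an added example and is not from the thread or from the poster's running config. It assumes the inside network is 20.1.1.0/24, that 20.1.1.37 is the server published as 85.150.14.29 (the thread never states which public address belongs to which server), and that the inside interface nameif is "inside"; the client address in the packet-tracer is made up.

```cisco
! Added example (not from the thread): hairpin NAT so inside hosts can reach the
! web server by its public address. Assumptions: inside subnet 20.1.1.0/24,
! 20.1.1.37 published as 85.150.14.29, inside interface nameif "inside".
!
! 1. Traffic must be allowed to enter and leave the same interface.
same-security-traffic permit intra-interface
!
object network web-server
 host 20.1.1.37
object network web-server-public
 host 85.150.14.29
object network inside-net
 subnet 20.1.1.0 255.255.255.0
!
! 2. Twice NAT on (inside,inside), placed as line 1 so it is evaluated before the
!    existing (inside,outside) rules. The destination is translated from the
!    public address back to the real server. The source is PATed to the inside
!    interface IP so the server replies through the ASA; without that, the
!    server would answer the client directly from 20.1.1.37 and the client
!    would discard a SYN-ACK that did not come from 85.150.14.29.
nat (inside,inside) 1 source dynamic inside-net interface destination static web-server-public web-server
!
! 3. Verify on the ASA with an inside-sourced flow (client 20.1.1.50 is made up):
packet-tracer input inside tcp 20.1.1.50 40000 85.150.14.29 443 detailed
```

The packet-tracer run from inside is the one that exercises this path; the outside-sourced test in the thread only proves the inbound publication works. A `service` clause on the nat line can restrict the hairpin to TCP/443 (and 80) if the rest of the public address should not loop back. If clients reach the server by name, split DNS that resolves the name to 20.1.1.37 for inside hosts avoids the hairpin altogether.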

On your ASA, please do the following packet-tracer and paste the output:

packet-tracer input outside tcp 8.8.8.8 5565 85.150.14.29 443

If it's allowed then the issue isn't coming from ASA but something else internally.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Yeah, agreed. All are allowed.
