Routing on ASA

michealcard
Level 1

I have a Cisco ASA 5510 with a block of 5 IP addresses assigned from our ISP.  I am having issues with connectivity and routing traffic from the outside interface to the outside interface.  I have my outside interface set up with the IP address 24.182.x.146; it allows internet access and also hosts a web server.  Any time I have a client using this device for internet access, I am unable to have traffic accepted for my web server. I.e., 100.100.x.52 is using this device, it browses to https://24.182.x.146 and it gets an "unable to connect". I am able to connect to the web server from any other ISP/device.

Thank you all in advance for looking at this.

Below is my current config

CiscoASA# sh run

: Saved

:

ASA Version 8.3(1)

!

hostname CiscoASA

enable password V2weNZuR0xPieBxK encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 24.182.13.146 255.255.255.248

no pim

no igmp

!

interface Ethernet0/1

nameif Inside

security-level 100

ip address 100.100.100.136 255.255.252.0

no pim

no igmp

ospf network point-to-point non-broadcast

!

interface Ethernet0/2

shutdown    

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

boot system disk0:/asa831-k8.bin

ftp mode passive

clock timezone PST -8

clock summer-time PDT recurring

dns domain-lookup outside

dns server-group BVCH

name-server 100.100.100.98

dns server-group DefaultDNS

name-server 68.190.192.35

name-server 71.9.127.107

name-server 4.2.2.3

dns-group BVCH

same-security-traffic permit intra-interface

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network obj-0.0.0.0

host 0.0.0.0

object network obj_any-01

subnet 0.0.0.0 0.0.0.0

object service PharmServerRD

service tcp destination eq 6257

object network obj-inside

subnet 100.100.100.0 255.255.252.0

object network obj-avreo

host 100.100.100.4

object network obj-avreord

host 100.100.100.4

object network obj-sqlrd

host 100.100.100.98

object network obj-adp

host 100.100.102.14

object network obj-Avreossl

host 100.100.100.4

object network NETWORK_OBJ_10.1.1.0_24

subnet 10.1.1.0 255.255.255.0

object network NETWORK_OBJ_100.100.100.0_22

subnet 100.100.100.0 255.255.252.0

object network obj-10.1.1.0

subnet 10.1.1.0 255.255.255.0

object network NETWORK_OBJ_100.100.100.0_24

subnet 100.100.100.0 255.255.255.0

object network 100.100.5.0

subnet 100.100.5.0 255.255.255.0

description Voice                           

object network 100.100.5.4

host 100.100.5.4

description Message Manager                           

object network obj-Webserver

host 100.100.100.6

object network ext-1

host 24.182.13.147

object network ssl-baracuda

host 100.100.100.97

object-group service RD tcp

description RD

port-object eq 6250

port-object eq 6251

port-object eq 6252

port-object eq 6257

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

access-list outside_in remark Permit Traffic to 100.100.100.6 - HTTP

access-list outside_in extended permit tcp any host 100.100.100.6 eq www

access-list outside_in remark Permit Traffic to 100.100.102.14 - RD

access-list outside_in extended permit tcp any host 100.100.102.14 eq 3389

access-list outside_in remark Permit Traffic to 100.100.100.98 - RD

access-list outside_in extended permit tcp any host 100.100.100.98 eq 6252

access-list outside_in remark Permit Traffic to 100.100.100.4 - HTTPS

access-list outside_in extended permit tcp any host 100.100.100.4 eq https

access-list outside_in remark Permit Traffic to 100.100.100.4 - RD

access-list outside_in extended permit tcp any host 100.100.100.4

access-list outside_in remark Permit Traffic to 100.100.100.20 - RD

access-list outside_in extended permit tcp any host 100.100.100.20

access-list outside_in extended permit tcp any host 100.100.100.97 eq https

access-list to100.5.4 extended permit ip any host 100.100.5.4

access-list rhccomp extended permit ip any 10.10.10.0 255.255.255.224

access-list rhcphone extended permit ip any 10.10.5.0 255.255.255.224

access-list outside_cryptomap extended permit ip 100.100.100.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list CAP extended permit icmp any any

access-list CAP extended permit icmp any 24.182.13.144 255.255.255.248

access-list CAP extended permit tcp any host 24.182.13.147 eq https

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu Inside 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

icmp permit any Inside

asdm image disk0:/asdm-631.bin

no asdm history enable

arp timeout 14400

nat (Inside,outside) source static any any destination static obj-10.1.1.0 obj-10.1.1.0

nat (Inside,outside) source static NETWORK_OBJ_100.100.100.0_24 NETWORK_OBJ_100.100.100.0_24 destination static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24

!

object network obj-inside

nat (Inside,outside) dynamic interface

object network obj-avreo

nat (Inside,outside) static interface service tcp www www

object network obj-avreord

nat (Inside,outside) static interface service tcp 6256 6256

object network obj-sqlrd

nat (Inside,outside) static interface service tcp 6252 6252

object network obj-adp

nat (Inside,outside) static interface service tcp 3389 9999

object network obj-Avreossl

nat (Inside,outside) static interface service tcp https https

object network ssl-baracuda

nat (Inside,outside) static ext-1

access-group outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 24.182.13.145 1

route Inside 10.5.4.0 255.255.255.0 100.100.100.156 1

route Inside 10.5.5.0 255.255.255.0 100.100.100.156 1

route Inside 10.10.5.0 255.255.255.224 100.100.100.159 1

route Inside 10.10.10.0 255.255.255.224 100.100.100.159 1

route Inside 100.100.5.0 255.255.255.0 100.100.100.159 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 100.100.100.0 255.255.252.0 Inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

sysopt noproxyarp outside

sysopt noproxyarp Inside

sysopt noproxyarp management

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map outside_map1 1 match address outside_cryptomap

crypto map outside_map1 1 set pfs

crypto map outside_map1 1 set peer 65.115.125.41

crypto map outside_map1 1 set transform-set ESP-3DES-MD5

crypto map outside_map1 interface outside

crypto isakmp enable outside

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 28800

no crypto isakmp nat-traversal

telnet 100.100.100.0 255.255.252.0 Inside

telnet timeout 5

ssh timeout 5

console timeout 0

management-access Inside

dhcpd address 192.168.1.2-192.168.1.254 management

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec svc

username srogers password zI5NKeqdTq25lLxy encrypted privilege 15

username thagerman password PT28vZviqpU4QZ8k encrypted privilege 15

username mcard password l2OErQyeYqC72NG8 encrypted privilege 15

tunnel-group 65.115.125.41 type ipsec-l2l

tunnel-group 65.115.125.41 ipsec-attributes

pre-shared-key *****

!

class-map rhcphone

match access-list rhcphone

class-map test

match access-list to100.5.4

class-map inspection_default

match default-inspection-traffic

class-map rhc

match access-list rhccomp

!

!

policy-map type inspect dns migrated_dns_map_1

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns migrated_dns_map_1

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

class test

  set connection advanced-options tcp-state-bypass

class rhc

  set connection advanced-options tcp-state-bypass

class rhcphone

  set connection advanced-options tcp-state-bypass

!

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:01f91fc3183151d23ff656139db40077

: end

CiscoASA#   

4 Replies

Hi,

If I understand correctly you can access the webserver https://24.182.x.146 from the outside but not from the internal client 100.100.100.x, is this correct?

Can you access the webserver using its private IP from the inside? https://100.100.100.6

If I misunderstood, please clarify.

Federico.

I am sorry I wasn't able to correctly address my issue.

I have 3 different internet lines.

Isp1: 24.x.x.146

Isp2: 71.x.x.10

Isp3: 71.x.x.69

Inside address of 100.100.100.6 has a nat translation on isp1

Http://24.x.x.146 is the nat for my webserver.

From any workstation I can access the internal address of 100.100.100.6.

From any workstation using isp1 I am unable to access the outside address of http://24.x.x.146

From any workstation on isp2 or isp3 I can successfully access http://24.x.x.146

Isp1 is a Charter Communications line.

Isp2 and isp3 are Verizon lines.

I have a Cisco ASA 5510 on isp1.

Then we know that you can access the server from the internet fine (if using ISP-2 or ISP-3).

What happens with ISP-1 where you have the ASA?

Is the default gateway of the server the ASA?

In other words, if the webserver goes to the Internet, which ISP does it use?

You can have the static NAT on the ASA, but if routing does not send the traffic through, it's not going to work.

So far I understand you have this:

Server ---- ISP-1

               ISP-2

               ISP-3

According to the configuration, the ASA only handles ISP-1, then what do you have in between the server and the ASA?

I guess the problem is with routing so far...

Federico.

Yes, everything from isp2 and isp3 works. The server's default gateway is set to the ASA. The server connects to a switch and then the ASA is on another switch. Routing between the switches works fine. No VLANs, no routing between switches. When I use a workstation with the default gateway set to the ASA (100.x.x.136) and try to use the WAN address to access the server I get an "unable to connect" error. Using the same workstation on the same default gateway, using the internal IP, it connects no problem. Everything internally works fine. My only issue is having traffic from the ASA go to the internet and re-enter the ASA for the NAT.
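The hairpin case described in this last post, as an added illustration that is not part of the thread: a small Python model of how the static object-NAT rules transcribed from the posted config answer a destination lookup. The model assumes the ASA 8.3 behaviour that a static object-NAT rule translates only packets arriving on the rule's mapped interface, so a client on Inside sending to 24.182.13.146 finds no translation; the ASA hairpins such traffic only when a NAT rule exists on the (Inside,Inside) interface pair, which the posted config does not have (it does already have `same-security-traffic permit intra-interface`).

```python
# Added model, not Cisco code: replicates only the interface-pair and
# port matching of the static object-NAT lines in the posted config.

IF_ADDRESSES = {                 # from the interface sections of the config
    "outside": "24.182.13.146",  # Ethernet0/0, nameif outside
    "Inside": "100.100.100.136", # Ethernet0/1, nameif Inside
}

# (real_ifc, mapped_ifc, real_host, mapped_host, proto, real_port, mapped_port)
# "interface" = the mapped interface's own address; proto None = all ports.
NAT_RULES = [
    ("Inside", "outside", "100.100.100.4",  "interface", "tcp", 80,   80),    # obj-avreo
    ("Inside", "outside", "100.100.100.4",  "interface", "tcp", 6256, 6256),  # obj-avreord
    ("Inside", "outside", "100.100.100.98", "interface", "tcp", 6252, 6252),  # obj-sqlrd
    ("Inside", "outside", "100.100.102.14", "interface", "tcp", 3389, 9999),  # obj-adp
    ("Inside", "outside", "100.100.100.4",  "interface", "tcp", 443,  443),   # obj-Avreossl
    ("Inside", "outside", "100.100.100.97", "24.182.13.147", None, None, None),  # ssl-baracuda -> ext-1
]


def untranslate(ingress_ifc, dst_ip, dst_port, proto="tcp"):
    """Return (real_host, real_port) for a packet arriving on ingress_ifc
    addressed to a mapped (public) address, or None when no rule applies.

    A static object-NAT rule only answers for packets that arrive on its
    mapped interface, so ingress on Inside never matches a (Inside,outside)
    rule: that is the client-on-Inside -> 24.182.13.146 failure in the thread.
    """
    for real_ifc, mapped_ifc, real_host, mapped_host, rproto, rport, mport in NAT_RULES:
        if ingress_ifc != mapped_ifc:
            continue
        mapped_ip = IF_ADDRESSES[mapped_ifc] if mapped_host == "interface" else mapped_host
        if dst_ip != mapped_ip:
            continue
        if rproto is None:          # no service clause: every port maps 1:1
            return real_host, dst_port
        if rproto == proto and mport == dst_port:
            return real_host, rport
    return None


if __name__ == "__main__":
    print(untranslate("outside", "24.182.13.146", 80))   # ('100.100.100.4', 80)
    print(untranslate("Inside", "24.182.13.146", 80))    # None: no (Inside,Inside) rule
```

Note that in the posted config the port-80 mapping on the outside address lands on 100.100.100.4 (obj-avreo), while obj-Webserver (100.100.100.6) has no nat line at all even though the outside_in ACL permits www to it; that is worth reconciling before chasing the hairpin problem.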
