Below is a section of a GNS topology I'm working on. I'm not having much luck when attempting to connect to the DMZ webserver (bottom right of image) from the webterm appliance (upper left-hand corner).
What is working:
1. Outbound PAT, both machines are able to ping the IP on the outside of the routers (188.8.131.52 and 184.108.40.206)
I've included the ACL config for the ASA (the NAT statement image on the router doesn't show the 443 map), as the DMZ has a security level of 50. I am just learning about the ASA, but this seems like a NAT issue on the EDGEROUTER, the config for this is also shown.
I've set up a similar layout in GNS before, but instead of trying to access a webserver in a DMZ, I was trying to SSH to an internal device from outside. The static NAT statement worked, and the ACL on the ASA was configured in a similar way. In that setup, when viewing the NAT translations on the EDGEROUTER, a mapping could be seen when the connection came in.
With this setup, I've enabled a detailed NAT debug on the EDGEROUTER, and can see plenty of 'NAT: API Failed to get Translated-Info from:' messages in the output.
Is there anything funky happening because BGP separates these two routers?
You will need to modify the NAT configuration on the EDGEROUTER as follows:
no ip nat source static tcp 10.0.0.6 80 220.127.116.11 80
ip nat inside source static tcp 10.0.0.6 80 18.104.22.168 80
ip nat inside source static tcp 10.0.0.6 443 22.214.171.124 443