I've recently acquired a Cisco ASA 5506-X with version 9.4 and I'm having issues trying to ping the backup outside interface from an external network.

I have 2 outside interfaces labelled outside2 and outside3 and for this example 1 internal network labelled inside.

The internal network can access the internet without issues and the router can ping anything on the internet, say 8.8.8.8.

If I'm on my home network, I can ping the local interface of outside3 but not outside2. outside2 has an AD of 12 and outside3 has an AD of 11.

I've tested the failover and both links work. I've even put on some policy based routing on an ip range that confirms I can route outside2 while outside3 is operational.

I've tried packet trace but it says dropped by configuration rule, despite my access lists permitting absolutely everything as per below;

access-list outside3_access_in; 2 
access-list outside3_access_in line 1 extended permit tcp any object obj-port-forward1 eq 8060
access-list outside3_access_in line 1 extended permit tcp any host 192.168.249.9 eq 8060 
access-list outside3_access_in line 2 extended permit ip any any 
access-list outside2_access_in; 1 
access-list outside2_access_in line 1 extended permit ip any any 
access-list global_access; 1 
access-list global_access line 1 extended permit ip any any
access-list outside3_access_out; 1 
access-list outside3_access_out line 1 extended permit ip any any
access-list outside2_access_out; 1
access-list outside2_access_out line 1 extended permit ip any any 

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

Can anyone assist?

Thanks,

Richard