We are using Cisco ASA 5506-X with three internet connections. First two for Internet fail-over and third is dialing out via PPPOE. The purpose of the third internet is to allow LIVE IP's configured on sub-interface of Inside. We are able to ping Server on inside subinterface from home but can't access web services via http. I have allowed http,https traffic on relevant interfaces but still in vain. Please note that we are able to access http,https, from directly connected interfaces. Following is Cisco ASA config.
interface GigabitEthernet1/1 nameif outside security-level 0 ip address 192.168.10.10 255.255.255.0 ! interface GigabitEthernet1/2 no nameif no security-level no ip address
interface GigabitEthernet1/2.103 \\ This is the sub-interface we are unable to access via http from home internet. \\Server IP 18.104.22.168/29 vlan 103 nameif LIVERangeNayatel security-level 100 ip address 22.214.171.124 255.255.255.248 !
interface GigabitEthernet1/4 nameif Nayatel \\ PPPOE dial-out for the above sub-interface ISP security-level 0 pppoe client vpdn group nayatelpppoe pppoe client route track 1 ip address pppoe setroute !
access list snap is attached.
Please note that same web server is accessible on secondary ISP Live ip if configured with that IP address.
... View more