Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Could this be a subnet-zero issue? Also, your next hop in the "ip route 172..." statement needs to be an interface address, not a network. It needs to have either the LAN address to R3 or R2 as the third address statement--"ip route 172.16.0.0 255.25...
You definitely want an ISR then. I administer two networks with similar configuration and the ISR is great. Most of the ISRs also include the IPS and content filtering services found on the ASAs.
I don't know of a link, but here are some of the defaults for the card that I'm aware of.Serial Encapsulation: HDLCSignal Framing: ESFLine Coding: B8ZSFrame Relay LMI Type: CiscoFrame Relay Encapsulation: Cisco
I have a very similar setup where I have static mapped NAT with mapped ports to a specific service behind my firewall. The only difference that I see between your setup and mine, besides the completely different access lists, is that your static NAT ...
