packet-tracer input outside tcp 10.30.144.6 22 18.104.22.168 22 detail This will fail as Source-address 10.30.144.6 is associated with inside address and traffic per command is originating from outside. You can try it by reversing the IP addresses. packet-trace input outside tcp 22.214.171.124 22 10.30.144.6 22 detail. Another thing you can try is capture command on Inside interface and also on outside interface. capture CapInside interface inside match ip any host 126.96.36.199 capture CapOutside interface outside match ip host 188.8.131.52 any Then initiate traffic from client and check the capture Show capture CapInside Show capture CapOutside Do you see traffic headed out on CapInside, if yes then the issue is not the core, if no traffic then its the core or the client. If traffic is coming back from remote IP then issue is not within the ASA. Do you see traffic going out on CapOutside to remote IP ?, do you see response coming back from the Remote IP ? If traffic is going out but not coming back then the issue is remote site, if traffic is coming back but not making it to the CapInside then issue is on the ASA. You may have to repeat the capture for your other public IP.
... View more
capture asp type asp-drop then check capture with command show capture asp to check and see if your traffic is getting dropped to host 184.108.40.206 or 220.127.116.11 can also run packet-tracer input <insert interface inside nameif> tcp 10.10.10.10 22 18.104.22.168 22 detail to check and see if traffic is allowed or dropped by ACL / NAT PS: Please replace 10.10.10.10 with your inside IP host address, You are looking for something like this at the end: Result: input-interface: inside input-status: up input-line-status: up output-interface: outside output-status: up output-line-status: up Action: allow
... View more