Cannot access Backup interface from inside

When pointing to our Webdefense proxy (port 3178) on backup interface 64.2.113.132 our packets are blocd:

Config
static (inside,backup) 64.2.113.132 192.168.10.12 netmask 255.255.255.255
nat-control
match ip inside host 192.168.10.12 backup any
static translation to 64.2.113.132
translate_hits = 1020, untranslate_hits = 2595
ASA-111608a-config.txt
snchelpdeskAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Im confused -  whats blocked? you have no outgoing web trafiic?
0
snchelpdeskAuthor Commented:
Sorry for the confusion,  we recently switched from a Netgear router that was configure to allow access to an external web defense proxy via port 3128.  With the new ASA setup the traffic seems to be blocked - the only rule I could find to allow hasn't worked:

object-group service Common tcp
 group-object RDP
 group-object TimeClock
 group-object rww
 port-object eq 3128
 port-object eq www
 port-object eq https
 port-object eq pptp
 port-object eq 1471

access-list backup_access_in extended permit tcp any host 64.2.113.130 log errors
access-list backup_access_in extended permit tcp 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list backup_access_in extended permit udp 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list backup_access_in extended permit tcp any host 64.2.113.132 object-group Common log critical

ASA-111708-config.txt
0
donaldchapellCommented:
I would take nat-control off, I have had nightmares trying to use that.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
snchelpdeskAuthor Commented:
I dropped nat-control but my is dependent on it.  I have resolved the issue by setting up a dns entry to the local interface of the server hosting the web defense access.  Off to find an easy way to monitor the ASA traffic - I have another application that wants RPC...  Thank you for your assist.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.