SSG5: No Inbound Trust Internet Access

Currently, I have an SSG5 with the latest firmware that has a very simple setup (I have left it simple until I can get the basics working), but I cannot seem to get Untrust-->Trust traffic working.

Setup
SSG5: has been through the GUI setup wizard and has the three basic zones, Untrust (port 0/0), DMZ (0/1) and Trust (0/2-0/6). Untrust is a /29 (xx.xx.xx.130/29, which we will call untrust.130) with the SSG5's web GUI on the first usable IP. DMZ is 10.0.0.1 and connected to nothing, while Trust is on a /27 (xx.xx.xx.128/27 which we will call trust.128) with the zone set to .130 w/the manageable IP on .144 (there are other serers on this /27 and .50 is the first free one other than .130).  A patch cable runs from 0/0 to the primary switch in the rack, which has an uplink out of the data center.
Server: There is a server plugged into 0/4 (which would be trust) running Linux that is assigned xx.xx.xx.150 in the Trust /27.  IPTables is disabled, and there is a Lantronix KVM plugged into the server so I make any network changes while troubleshooting.  Before plugging it into the firewall, I could ping it, SSH to it, and so on.  In all descriptions, this is what I am always trying to reach or traffic OUT of.

Policies
Global: ANY/ANY/PING, ANY/ANY/TRACEROUTE, and an ANY/ANY/IPGROUP with IPGROUP being an address group with company static IPs such as offices, and so on.
Trust --> Untrust: ANY/ANY/ANY -- Source Translation (Use Egress Interface IP) ** See Note below
Untrust --> Trust: ANY/ANY/ANY

Problems
Cannot ping in or out (using google.com or 8.8.8.8) and cannot SSH in or out.  I *can* ping untrust.130.  So although I can access untrust fine from the outside (I can hit the SSG GUI, ping the SSG GUI IP, ping google.com from the SSG5,etc), and I cannot access trust from the outside, or access the outside from trust.

Note: Now, if I go to the untrust interface and change it from route (both interfaces were set to route) to NAT *or* change the Trust  --> Untrust policy to  Source Translation (Use Egress Interface IP), then I can ping google.com, and ping 8.8.8.8.  But I still cannot reach trust from the outside.
LVL 1
hmsinfraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

QlemoBatchelor, Developer and EE Topic AdvisorCommented:
The factory setting is to have Trust in NAT mode and Untrust in Route, and no Source Translation in the policies. And that should work fine.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.