403 Forbidden Access error inside network

I'm getting a 403 forbidden error inside one of my new  client's network when they try to go to their own website.  The website is hosted outside the network.  I can't ping the site inside the network either.  Every other website seems to work from inside the network.  If I'm outside the network the website works fine and I can ping it as well.  One of our 5 servers has IIS on it, but there is no website.

I think it may have to do with the ASA 5505 Cisco router.  We had an expert come in and upgrade the license from 10 users to 50 users.  We noticed this error about a week later, but we don't go to the website that often, so it may be a coincidence.  Also, some of our users are no longer getting email (pop3) inside the network from other co-workers.  The email is hosted outside the network as well.

Another possibility is the client's external IP was on 2 blacklists even though they don't have Exchange e-mail server on-site.  But I did get them removed from these blacklists today.

Not sure where to start looking, open to suggestions.
carotompAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
It has to do with DNS what you are getting is your LOCAL website and not the REMOTE.  This is usually because of using the same domain for both.. you need to setup a split dns. A walk through is available  here

or a new A record in your dns
A www  externalipaddress

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
carotompAuthor Commented:
Thanks for your advice.  This looks like the right track.  But whoever set up this domain, already created a split DNS zone, with the same names for internal and external.  Also, the internal DNS zone already includes everything associated with the internal network.  

I did just add the Naked Domain record and the www. record which originally had the wrong IP address associated.    

Their webhost also has a www. record with a different external IP--could this be causing the problem?

I still can't reach the website or ping it internally.    Thank you for any further advice that you may have on how to fix this problem.
David Johnson, CD, MVPOwnerCommented:
use the external ip from the webhost dns setting.. it is normal for sites to not respond to ping requests. responding to icmp needs to be configured in the firewall
carotompAuthor Commented:
Thank you so much for your time.  The split DNS was the solution.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.