Cisco ASA 5506 - Port forwarding for SMTP and HTTPS not working

Implementing a new Cisco ASA 5506 and I'm unable to get port forwarding for HTTPS and SMTP to work. In the Access Rules area I can see that I am getting port hits on the rules but the pass through from the outside to the inside is failing.

Following is the general config details I have at the moment. Thank you for any assistance you might be able to offer.

 
:
: Serial Number: ##########
: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
: Written by enable_15 at 03:46:58.616 CDT Wed Sep 7 2016
!
ASA Version 9.5(1)
!
hostname FIREWALL
domain-name domain.com
enable password ***************
names
ip local pool Mail_Datacenter_VPN_Pool 10.0.1.225-10.0.1.245 mask 255.255.255.0
!
interface GigabitEthernet1/1
 description Datcenter subnet 1
 nameif outside
 security-level 0
 ip address XX.XX.XX.76 255.255.255.248
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.1.100.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.1.100.20 inside
 name-server 10.1.100.21 inside
 domain-name domain.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network MSG1
 host 10.1.100.30
object network MSG2
 host 10.1.100.31
object network MSG3
 host 10.1.100.32
object network obj_Mail_Datacenter
 subnet 10.1.100.0 255.255.255.0
object network obj_Remote subnet 10.0.0.0 255.255.255.0
object network obj_Ouside_smtp
 host 10.1.100.30
object network obj_MSG1_smtp
 host 10.1.100.30
object network 10.0.0.0
 subnet 10.0.0.0 255.255.255.0
object network obj_Remote_Network
 subnet 10.0.0.0 255.255.255.0
object service mapped_SMTP_2500
 service tcp destination eq 2500
object network obj_MSG1_https
 host 10.1.100.30
object network InsideOut
 subnet 10.1.1.0 255.255.255.0
object network obj_XX.XX.XX.78
 host XX.XX.XX.78
object network outside-network2
 subnet XX.XX.XX.80 255.255.255.248
object network outside-network
 subnet XX.XX.XX.72 255.255.255.248
object network obj_MailServer_outside
 host XX.XX.XX.74
object network General_Datacenter
 subnet 10.1.1.0 255.255.255.0
object network obj_Outside_https
 host 10.1.100.30
object-group network DM_INLINE_NETWORK_1
 network-object object obj_MSG1_https
 network-object object obj_Outside_https
 network-object object obj_Ouside_smtp
access-list inside_access_in extended permit tcp any object obj_MSG1_smtp eq smtp inactive
access-list inside_access_in extended permit ip object obj_Mail_Datacenter object 10.0.0.0
access-list inside_access_in extended permit ip object Mail_Datacenter any
access-list outside_cryptomap_1 extended permit ip object obj_Mail_Datacenter object obj_RemoteNet
access-list outside_cryptomap_2 extended permit ip object obj_Mail_Datacenter object obj_Remote_Network
access-list outside_access_in extended permit tcp any object MSG1 eq https
access-list outside_access_in extended permit tcp any object MSG1 eq smtp
access-list outside_authentication extended deny tcp any4 object-group DM_INLINE_NETWORK_1 eq https
access-list outside_authentication extended deny tcp any4 object obj_MSG1_smtp eq smtp
access-list outside_authentication extended deny tcp any4 object obj_Ouside_smtp
access-list outside_authentication extended permit tcp any4 any4
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
 nat (any,outside) dynamic interface
object network obj_Ouside_smtp
 nat (outside,inside) static XX.XX.XX.74 service tcp smtp smtp
object network Indiana_Datacenter
 nat (inside,outside) dynamic XX.XX.XX.77
object network obj_Outside_https
 nat (inside,outside) static XX.XX.XX.75 service tcp https https
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.73 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
aaa-server DC protocol ldap
aaa-server DC (inside) host 10.1.100.20
 timeout 5
 ldap-base-dn dc=domain.com
 ldap-scope subtree
 server-type auto-detect
aaa-server DC (inside) host 10.1.100.21
 ldap-base-dn dc=domain,dc=com
 ldap-scope subtree
 server-type microsoft
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host Blah.duosecurity.com
 server-port 636
 ldap-base-dn dc=BLAH,dc=duosecurity,dc=com
 ldap-naming-attribute cn
 ldap-login-password ####
 ldap-login-dn dc=####,dc=duosecurity,dc=com
 ldap-over-ssl enable
 server-type auto-detect
user-identity default-domain LOCAL
aaa authentication match outside_authentication outside DC
http server enable 444
http 10.1.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 fqdn FIREWALL
 subject-name CN=FIREWALL
 proxy-ldc-issuer
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0

  quit

crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10

 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
Mark2016Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jan SpringerCommented:
Have you run packet tracer?

packet-tracer input outside tcp 8.8.8.8 12345 10.1.100.30 80 detail

and do the same for port 25.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jan SpringerCommented:
This question should be closed with no solution and no points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.