A client has a weird problem. They have a class A network, let's call it 10.0.0.0/8. They have an ASA5525-X with Firepower.
An internal workstation like 10.0.1.100 cannot ping or browse to an internal web server, 10.0.1.200, which is load-balanced over two real servers, 10.0.1.180 and 10.0.1.181. All have the right subnet mask, gateways and DNS servers. At the same time, another workstation like 10.0.2.24 can access the web server. We've looked at the routes on both and they are identical. However, a packet-tracer on the ASA fails for both workstations. To complicate things, another workstation that could not access the website on Friday can today.
The packet-tracer output:
firewall/pri/act# packet-tracer input inside tcp 10.0.1.100 2938 10.0.1.200 80
Subtype: Resolve Egress Interface
found next-hop 10.0.1.200 using egress ifc inside
nat (inside,any) source static any any destination static obj-10.0.0.0 obj-10.0.0.0 no-proxy-arp route-lookup
NAT divert to egress interface inside
Untranslate 10.0.1.200/80 to 10.0.1.200/80
Please help. Thank you.
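An added diagnostic helper, not part of the original post: it parses ASA packet-tracer output and reports the NAT rule that diverted the flow, the first phase that returned DROP, and whether the flow is a u-turn (ingress and egress interface identical), which on an ASA only works with `same-security-traffic permit intra-interface`. The sample is constructed around the lines quoted above; phase 3 and the final Result block are assumed for illustration and are not the client's real output.

```python
import re

# Constructed sample modelled on the packet-tracer lines quoted in the post; phase 3
# and the final Result block are assumed for illustration, not the client's output.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
found next-hop 10.0.1.200 using egress ifc inside

Phase: 2
Type: UN-NAT
Result: ALLOW
Config:
nat (inside,any) source static any any destination static obj-10.0.0.0 obj-10.0.0.0 no-proxy-arp route-lookup
NAT divert to egress interface inside
Untranslate 10.0.1.200/80 to 10.0.1.200/80

Phase: 3
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule

Result:
input-interface: inside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""


def analyze(text):
    # Split the per-phase trace from the final verdict block (the bare "Result:" line).
    body, _, final = text.partition("\nResult:\n")
    summary = {"nat_rule": None, "drop_phase": None, "hairpin": False,
               "action": None, "drop_reason": None}
    for phase in re.split(r"\n(?=Phase: )", body.strip()):
        fields = dict(re.findall(r"^(Type|Result): ?(.*)$", phase, re.M))
        if fields.get("Type") == "UN-NAT":  # the rule that diverted the flow
            m = re.search(r"^nat .*$", phase, re.M)
            summary["nat_rule"] = m.group(0) if m else None
        if fields.get("Result") == "DROP" and summary["drop_phase"] is None:
            summary["drop_phase"] = fields.get("Type")
    tail = dict(re.findall(r"^([\w-]+): (.*)$", final, re.M))
    # Same ingress and egress interface = hairpin; needs same-security-traffic permit intra-interface.
    summary["hairpin"] = tail.get("input-interface", "?") == tail.get("output-interface")
    summary["action"] = tail.get("Action")
    summary["drop_reason"] = tail.get("Drop-reason")
    return summary
```

Run `analyze(SAMPLE)` on a real capture pasted in place of the constructed sample to see which phase actually discards the flow.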