Question : Cisco ASA 5505 not passing traffic (Possible NAT or ACL issue)

I have an ASA 5505 in front of (7) devices.  Each device is statically NAT'd to an external IP address with ACLs restricting the specific ports.  This setup works perfectly on ASAs with a single host behind the ASA.  Below is a sample config of the ASA.  Any help would be greatly appreciated!

interface Vlan10
 nameif inside
 security-level 100
 ip address 10.200.3.161 255.255.255.240
!
interface Vlan300
 nameif outside
 security-level 0
 allow-ssc-mgmt
 ip address 172.21.3.74 255.255.0.0
!
interface Ethernet0/0
 switchport access vlan 300
!
interface Ethernet0/1
 switchport access vlan 10
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 10
!
interface Ethernet0/4
 switchport access vlan 10
!
interface Ethernet0/5
 switchport access vlan 10
!
interface Ethernet0/6
 switchport access vlan 10
!
interface Ethernet0/7
 switchport access vlan 10

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Poll tcp
 description External Poller
 port-object eq 2101
object-group service Poll2 tcp
 description Poll 20000
 port-object eq 20000
object-group service DM_INLINE_SERVICE_1
 service-object icmp
 service-object tcp eq 20000
object-group network New_Hosts
 description New Hosts
 network-object host 192.168.95.0 255.255.255.0
 network-object host 192.168.96.0 255.255.255.0
 network-object host 192.168.97.0 255.255.255.0
 network-object host 192.168.98.0 255.255.255.0
object-group network Old_Hosts
 description Old Hosts (Subnets)
 network-object 192.168.89.0 255.255.255.0
 network-object 192.168.90.0 255.255.255.0
 network-object 192.168.91.0 255.255.255.0
 network-object 192.168.92.0 255.255.255.0
 network-object 192.168.93.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 group-object New_Hosts
 group-object Old_Hosts
 network-object 192.168.79.0 255.255.255.0
 network-object 192.168.201.0 255.255.255.248
object-group network DM_INLINE_NETWORK_4
 network-object 192.168.201.0 255.255.255.248
 network-object 192.168.79.0 255.255.255.0
 group-object New_Hosts
 group-object Old_Hosts
object-group service DM_INLINE_SERVICE_2
 service-object icmp
 service-object tcp eq 20000
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 object-group DM_INLINE_NETWORK_1 host 172.21.3.64 log debugging inactive
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 host 172.21.3.65 log debugging inactive
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 host 172.21.3.66 log debugging inactive
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 host 172.21.3.67 log debugging inactive
access-list outside_access_in extended permit icmp object-group DM_INLINE_NETWORK_1 host 172.21.3.69 log debugging
access-list outside_access_in extended permit tcp object-group DM_INLINE_NETWORK_4 host 172.21.3.69 eq 2101 log debugging
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 host 172.21.3.70 log debugging inactive
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 host 172.21.3.71 log debugging inactive
access-list inside_access_in extended permit ip any any log debugging
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 172.21.3.65 10.200.3.167 netmask 255.255.255.255
static (inside,outside) 172.21.3.66 10.200.3.168 netmask 255.255.255.255
static (inside,outside) 172.21.3.67 10.200.3.169 netmask 255.255.255.255
static (inside,outside) 172.21.3.69 10.200.3.170 netmask 255.255.255.255
static (inside,outside) 172.21.3.70 10.200.3.171 netmask 255.255.255.255
static (inside,outside) 172.21.3.71 10.200.3.172 netmask 255.255.255.255
static (inside,outside) 172.21.3.64 10.200.3.174 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 172.21.0.1 1
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
  message-length maximum client auto
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global

Answer : Cisco ASA 5505 not passing traffic (Possible NAT or ACL issue)

if your are trying from 192.168.x.x , then you have to add a route on the ASA

route inside 192.168.x.x 255.255.x.x  <gw>

to allow ICMP

policy-map global_policy
 class inspection_default
inspect icmp
Random Solutions  
 
programming4us programming4us