I seem to be having an issue with a web-proxy (MWG) that is sitting past the outside interface of my ASA firewall. The web request(s) are allowed through the firewall (check) and go to the MWG. When they come back, they have the source-address of the ASA-facing interface - the connection tracking fails for the returning request and the return web traffic is denied.
I have no experience with the MWG, nor can I even comment on its configuration, and it is under admin control of another group as it exists in another security domain.
SO - who's at fault :-). I'm not sure what I can do on my "side" to get around this.