I've a PIX-515 firewall, running 7.2.2, in front of a private network. Servers in the private network are statically mapped to the external interface like this:
static (inside,outside) tcp host-outside www host-inside 8080 netmask 255.255.255.255
The problem is, now ICMP is not translated anymore. If I try to ping host-outside from the Internet, the firewall says "Deny inbound icmp src outside" even though ICMP is allowed by the ACL to all destinations on the outside interface.
I tried to add something like this:
static (inside,outside) host-outside host-inside netmask .......
But then the firewall tells me there's a conflict between this more general mapping, and the existing more specific mapping.
How can I keep the TCP 80 -> 8080 mapping but also translate inbound ICMP requests?