PIX Traffic Flow: Inside to Outside back to Inside

Unanswered Question
Sep 13th, 2007
I have a PIX 515E with a privately numbered inside interface and a publicly numbered outside interface. I am doing a combination of static NAT for inbound connections for different services and PAT for outbound connections for internal hosts. The problem I have is that when I ping the public address of one of the static translations, the ping fails. When I ping a host numbered within the same external subnet as the public address of one of the static translations, the ping works fine. I believe this behavior is caused by the fact that the PIX by default will not allow traffic entering on an interface to then be turned around and sent right back out the same interface, or "hairpinned" as they say. So since the traffic would be flowing from the inside interface to the outside interface and then back to the inside interface, the packets are dropped and the ping fails. Pinging other hosts in the same subnet as the outside interface works because the traffic flow is inside---->outside, then outside----->inside. I believe there is a way to get this to work by using the "same-security-traffic permit intra-interface" command on code version 7.2(1) and up, but I would like to confirm if this is indeed what's happening. Any help would be appreciated.
