I have a VPN connection to another company where they get connection to the following hosts
Now, I have another company that needs access to these hosts also, but they have the same IP range in use in their network. So I'm gonna use static and put my two hosts on my DMZ1, which has public IPs, instead.
static (inside,dmz1) 18.104.22.168 192.168.14.2
static (inside,dmz1) 22.214.171.124 192.168.14.2
This will put both my hosts in global "mode" in the firewall.
Question is, will this break my old VPN tunnel to the other company? If they try to reach 192.168.14.2, will the firewall stop them or something? Or will it also work?
It can work without problems:
Since your "nat (inside) 0" has precedence over the static statement, traffic for the first tunnel will not be NATed, and will be routed on your outside or dmz1 interface, where it will trigger the crypto engine.
Traffic for the 2nd tunnel will get NATed, then routed on your dmz1 interface, where it will trigger the crypto engine.
One thing to check is that your crypto ACL for the second tunnel must use the translated addresses as the source. Remember that the NAT occurs before the encryption.
Also, I don't have your complete config, but if the default gateway of your PIX is on the outside interface, you will need 2 routes on your dmz1 interface: one for the VPN peer IP, and also one for the peer internal subnet.
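The order of operations described in the answer (NAT exemption, then static, then crypto ACL matching), as a small Python model. This is an added example, not part of the original thread and not PIX code. The partner subnets and the names `translate`, `select_tunnel`, `CORRECT` and `WRONG` are assumptions made for illustration; only 192.168.14.2 and its first static mapping come from the question.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values: both partner subnets are placeholders (RFC 5737).
PARTNER_A = ip_network("198.51.100.0/24")   # first tunnel, reached without NAT
PARTNER_B = ip_network("203.0.113.0/24")    # second tunnel, overlapping LAN
HOST_REAL = ip_address("192.168.14.2")      # inside host from the question
HOST_GLOBAL = ip_address("18.104.22.168")   # its static mapping on dmz1

NAT0_ACL = [(HOST_REAL, PARTNER_A)]         # models the "nat (inside) 0" exemption
STATICS = {HOST_REAL: HOST_GLOBAL}          # models "static (inside,dmz1) ..."

def translate(src, dst):
    """Apply NAT in the order the answer gives: exemption first, then static."""
    for acl_src, acl_dst in NAT0_ACL:
        if src == acl_src and dst in acl_dst:
            return src                      # exempt: source address untouched
    return STATICS.get(src, src)

def select_tunnel(src, dst, crypto_acls):
    """Match crypto ACLs against the packet as it looks after NAT."""
    post_nat = translate(src, dst)
    for name, (acl_src, acl_dst) in crypto_acls.items():
        if post_nat == acl_src and dst in acl_dst:
            return name, post_nat
    return None, post_nat                   # no match: not selected for encryption

# Crypto ACL for tunnel B written with the translated source (as advised) ...
CORRECT = {"tunnel_a": (HOST_REAL, PARTNER_A), "tunnel_b": (HOST_GLOBAL, PARTNER_B)}
# ... and with the real inside address, which never matches after NAT.
WRONG = {"tunnel_a": (HOST_REAL, PARTNER_A), "tunnel_b": (HOST_REAL, PARTNER_B)}

if __name__ == "__main__":
    for label, acls in (("translated source", CORRECT), ("real source", WRONG)):
        for dst in ("198.51.100.10", "203.0.113.10"):
            print(label, dst, select_tunnel(HOST_REAL, ip_address(dst), acls))
```

With the `WRONG` ACL set, traffic to the second partner is translated but matches no crypto ACL, which is the misconfiguration the answer warns about.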