I have 3 interfaces set up on a FWSM: inside, outside, and DMZ.
The outside vlan/interface has an SVI that is on the MSFC of our 6509.
The inside is set up to NAT from 10.40.x to 10.41.x ("outside" VLAN).
The DMZ is set up to NAT without changing the addresses... 10.39.x to 10.39.x.
I have a static route on the MSFC to the DMZ network via the outside interface.
Pings to the addresses translating from outside to inside addresses are returned in <1ms.
Pings to the DMZ-DMZ NATted addresses are being returned anywhere from 240ms to 2ms.
So everything is working - all the ACLs are set up to allow the traffic, but why is it so much slower in the two different setups? I can understand a little difference since the ARP table isn't populated with the DMZ to DMZ addresses, but it doesn't take more than 8ms to get a reply from our ISP router 800 miles away.