i have 16 global IPs - i.e. 22.214.171.124 / 255.255.255.240
eth0/0 - inside - 10.10.10.2
eth0/1 - outside - 126.96.36.199
eth0/2 - DMZ - 172.16.2.1
eth0/3 - not used
GW Provider: 188.8.131.52
ASA-OUTSIDE-IP: 184.108.40.206 (IP used to surf the Internet from the inside network NAT)
DMZ: 172.16.10.0 /24
DMZ-ASA-IP: 172.16.2.1 /24 (connected to a switch)
DMZ-SERVER-01: 172.16.2.10 (connected to the same switch like ASA)
DMZ-SERVER-02: 172.16.2.11 (connected to the same switch like ASA)
DMZ-SERVER-01 NAT: 220.127.116.11
DMZ-SERVER-01 NAT: 18.104.22.168
this configuration is working fine with PIX515-E, 6.3.
now my problem:
if i replace the pix with the new ASA5520, one of the DMZ Server will not be reached from outside? it seems that the outside interface do not use the whole range from 22.214.171.124/255.255.255.240
sometime works only 126.96.36.199, and sometimes only the .116 from outside if i switch off/on the asa.
has someone any idea, what can it be or what i can do?
NAT DMZ Servers:
static (dmz, outside) 188.8.131.52 172.16.2.10 netmask 255.255.255.255
static (dmz, outside) 184.108.40.206 172.16.2.11 netmask 255.255.255.255