Recently I've set up an ASA5510 to meet the following criteria:
Cr1. inside users go to the Internet with a single IP address (outside interface)
Cr2. DMZ contains http, mail servers that are NAT'ed to outside network
Cr3. Inside users access http, mail servers by their DMZ IP addresses (I split DNS here)
I would like to make some improvements to this config:
I1. Access to these NATed services from inside without the need to split DNS, so I could use just one external DNS. Please note that I do not want to move both servers to outside and prefer to keep them on the DMZ.
I2. Make users from inside appear on the Internet with a group of IP addresses instead of one single IP of the outside ASA interface.
I3. NAT an inside Lotus Domino server to an outside IP and be able to access it from inside by using its NATed outside address as well as its inside IP.
Improvement #3 I've half done easily, but cannot figure out how to make inside users access either DMZ or Inside hosts by their NATed outside IPs.
Any suggestions are greatly appreciated!