I'm certain I'm doing something wrong in my (simple) test config. I know I can do this as I have a PIX 515e doing this in another office. I'm trying to establish a single IP on the outside that inside hosts can use to access the internet - PAT. Then I'd like to selectively publish, for example, web servers and establish a handful of static NAT entries and manage those 1 to 1 IPs with ACLs. It seems simple but I'm botched something.
With the dynamic config in place, all hosts behing the internal interface can access the internet without any issues. As soon as I add the static NAT entry for the web server, it can no longer access the internet (nor does the static rule seem to work).
Web Server Outside: 126.96.36.199
Web Server Inside: 10.10.1.1
Outside Int IP: 188.8.131.52
global (outside) 101 interface
nat (inside) 101 10.10.0.0 255.255.224.0
static (inside,outside) 184.108.40.206 10.10.1.1 netmask 255.255.255.255
I've also attached the config in case that helps.