My internet provider provides one /30 network and one /24 network over one link. No VLAN tagging is done by them. I would like not to use PAT and internal IP's on the DMZ, but to let DMZ hosts use IP's in the /24 network. I figure the ASA must know that incoming and outgoing traffic to and for the /24 should be routed to the DMZ. As I have no ASA in front of me now, I wonder if a static route on outside interface would be sufficient?
ASA primary WAN IP: 126.96.36.199
ASA DMZ interface IP: 188.8.131.52
ASA /24 network that goes to DMZ: 184.108.40.206/24
Would something like this route be sufficient?
ciscoasa(config-if)# route outside 220.127.116.11 255.255.255.0 18.104.22.168