I am using a cisco asa 5505 with base license. I have enabled 3 interfaces(inside/outside/dmz) on my firewall. As i am using a base license, my dmz interface is set as restricted interface where it can access outside network but cannot access the inside network. My dmz is hosting a web service accessible by external so i NAT one of the public ip to the dmz ip that my web server is using. However NAT fails to work, i had to change the dmz ip of my webserver, and change my NAT accordingly so that the same public ip is translated to the new dmz ip before NAT got to work. Why is this so? THere is only 1 machine in my dmz, and the dmz ip that failed to work as mentioned earlier was not use for any other NAT purpose in the entire config. i have clear the arp cache and it fail to resolve the issue and i eventually had to change the dmz ip of the web server. Pls advise. THks in advance.