It seems like others are on the right track, but that we aren't fully understanding what you really need to accomplish here. I might not be understanding it either, but I'm going to give it a shot anyway.
Traffic is initiated from the outside subnets of 192.168.28.0 and 192.168.30.0. These are the source IP's and you do not need to do any source NAT. Correct so far? You do need to translate both destinations 172.16.1.1 and 172.16.1.2 to the same global address of 10.1.1.1, according to how it matches the access-list. If I'm still correct, the problem with this is going to be if traffic from the 192.168.28.0 and 192.168.30.0 both try to establish connections at the same time, I believe only one of the static translations will be built. The configuration you have going so far is for policy static NAT, not policy static PAT. This is what I think the commands should be so far,
static (inside,outside) 10.1.1.1 access-l NET1
access-l NET1 permit ip 192.168.28.0 255.255.255.0 host 172.16.1.1
access-l NET1 permit ip 192.168.30.0 255.255.255.0 host 172.16.1.2
I don't think this will work for simultaneous inbound connections, the PIX will build the first translation that matches the access-list and 10.1.1.1 will be persistently translated to only 1 internal IP until the translation is torn down. Using static PAT in your configuration will allow the single global to map to the different internals, but then you won?t be able to define a policy to match. Will the inbound connections for 172.16.1.1 and 172.16.1.2 being using the same service ports? If not, they you could go back to the simpler configuration of something like this to make it use the PAT translation and utilize access-list to control the access.
I really don't think this was your goal, but it's the only way I could image it might work. If I?m wrong here and someone finds a config that will make this work, with policy nat, it will interesting to learn about.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...