I have also tried changing the static to a 10.0.0.0 number but it still doesn't work.
It does how ever work if I change the host 10.0.0.1 to any and leave the rest as 192.168.0.0. The problem with this is it doesn't restrict access. Does anyone have any suggestions on what I might be doing wrong? Thanks.
For starters, I highly recommend that you convert to ACLs on the Pix. Their more restrictived,processed more efficiently, and easier to work with.
Having said that, your conduit looks correct. Are you sure that the addresses in question are accurate? By opening up the ranges to include any and the whole subnet, it worked for you. Therefore, we assume the problem to not be routing or NAT but rather access-control. Turn on logging to the buffer and see exactly /what/why the pix is denying those requests. [logging buffered 7] The easiest way to do testing is to use a telnet command line and connect to port 25 from the DMZ host. For example:
telnet 192.168.0.1 25
If successfuly, the screen will update and dispaly a banner or garbled characters(done by fixup). If it just times out, it didn't connect obviously. The pix will tell you exactly what the problem is in the logs [show log]
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...