The config looks OK, although keep in mind that setting the same security level on different interfaces means you will have NO connectivity between those interfaces at all. Some people think that the opposite would be true in that you would have all access, but this is not the case.
Anyway, in regard to your problem, the config looks OK, and it's strange that you can ping FROM these inside hosts but can't ping to them. Are you sure you don't have access-lists or something on those hosts themselves? The best way to see if the PIX is stopping anything is to check the log messages. Do "logging console debug" then attach a console and then try the pinging and see what happens.
Nat 0 doesn't just simply allow all packets in and out like you think it would. For traffic to pass from outside to inside with a nat 0 statement, traffic has to have travelled from inside to outside first.
For example, let's say you want to ping a host on the inside from a host on the outside, and your PIX just has nat 0 and an ACL allowing pings in. If you sit on the outside host and try a ping it will not get through. You first have to ping from the inside host to the outside host, which creates the translation in the PIX. Once you've done that you'll now be able to ping from the outside host to the inside.
Is it possible that you've pinged FROM all the inside hosts to the outside host, but not from the LANswitch itself? As I said, traffic has to travel outbound BEFORE traffic will be able to travel inbound when you use nat 0.
When you added the specific static statements for the LANswitch that over-rode the nat 0 statement and you could then ping both ways.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :