For traffic from inside to dmz I have used static transalations and it has worked fine. Can you remove the 'nat (inside) 0 access-list nonat' and the access-list nonat. Instead, use a static transalation for the inside hosts like the one below.
What Sundar recommended is good for a pinned up static configuration from inside to DMZ and DMZ to inside. Essentially he is recommending on your DMZ interface to allow anything to access the inside with an address in the range of 10.0.0.0 255.248.0.0. Statics work both directions so the inside hosts would then be allowed to access the DMZ without a NAT/Global statement.
The NoNat configuration is actually what I prefer as this doesn't add a consistent NAT from the DMZ to the inside addresses. If you require outside to inside then just repeat your ACL with Source and Destination flopped. This in my mind is more secure. Talking to Sundar we both feel either one will work. Basically we aren't sure if your existing configuration was working and are giving alternate suggestions.
Sundar kick in if I misrepresented anything wrong.
I agree with Fred that either one of these configurations should work.
Can you make sure the device(s) on the DMZ is using 192.168.0.1 as their gateway to access anything on 10.0.0.0 255.248.0.0 network and the inside hosts are using the 10.1.0.2 as the gateway to get to host(s) on the DMZ.
Plus, can you check whether you have a route on the PIX for the 10.2.0.0 - 10.7.0.0 network that should be pointing to the inside network.
The reason I brought it up was that for some reason we can browse to shared files on one server on the DMZ but not the other. Both are Windows based servers. We confirmed that we can browse (network shares) on one server but no the other. Its odd. I jumped on one of the servers on the DMZ and can browse to the other server on the same DMZ lan fine, but for some reason inside users can only browse to one of the 2 servers. When I debugged today I see SYN packets being sent from the inside source but nothing ever comes back so either its the firewall or the server. Can't tell. Will have further access to that server today or tomorrow. The nonat was working before and I tried what Sundar reccomended but results were the same. Ill let you know what comes about. Thank you for all your help and I will definitely rate your posts. Thank you.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...