I also tried to translate to 10.35.121.98 => Not OK
With ethereal, when pinging 10.35.121.98, I see the ping exit from 192.168.0.2 but nothing occurs on the PIX (I activated "debug icmp trace" and "debug packet outside"). When pinging 192.168.0.1 from 192.168.0.2, the ping is OK.
I can ping the 192.168.0.2 from the PIX (console connection).
Your static command is actually translating 10.35.121.98 to 192.168.0.2. I don't believe this is what you are trying to do. If you want to have your outside source appear as a different IP follow the NAT Outside documentation. Attached below.
Ultimately what you are trying to do is allow internal addresses be access by an external. What you should use is a Policy NAT 0 with an access-list. This will avoid the Xlate requirement for your outside host but still have Xlates for other apps.
Here is a sample configuration (I have something similar in production).
access-list Outside_Host permit ip host 10.35.121.98 host 192.168.0.2
! next statement is more general but you could make it more subnet specific
access-list Outside_Host permit ip any host 192.168.0.2
is making 10.35.121.100 appearing as 192.168.0.2 to the outside network. So if you want to reach to the inside device from the outside network you have to ping 192.168.0.2 the destination will be redirected ( NATed) by the PIX to 10.35.121.100 .. Is this what you are trying to achieve ..? or do you want to be able to reach 10.35.121.100 directly ( Without NATing ) ..?
If you want to reach 10.35.121.100 directly then you need to bypass NAT ..
Fernando picked up on my mistake, he's right on your current NAT statement, it's doing .100 not .98. Typo on my part. They did add the outside command in 6.3 but I've found that outside inside works with just the standard NAT 0 command using an access-list with destination subnet. I have had this working in production before the outside command was released. Either configuration should work for you. Fernando's configuration would have more validity with the TAC.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :