This is beating me up. If anyone has a suggestion, please help.
I need web services to NAT to two different web servers behind the inside interface. Below are portions of my config. The NAT 0 is there becasue this is a PPTP and IPSec endpoint as well.
My issue is that port 80 and port 3389 access do not work to 200.200.200.2 but all access works to 200.200.200.1. I'm scratching my head. I also have the pix configured as a PPTP and IPSec endpoint if that matters.
==============
access-list 101 permit ip 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0
access-list 101 permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list ipsec permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255 .0
access-list 102 permit icmp any any
access-list 102 permit tcp any host 200.200.200.1 eq www
access-list 102 permit tcp any host 200.200.200.1 eq 3389
access-list 102 permit tcp any host 200.200.200.1 eq smtp
access-list 102 permit tcp any host 200.200.200.2 eq 3389
access-list 102 permit tcp any host 200.200.200.2 eq www
ip address outside 200.200.200.1 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
static (inside,outside) tcp 200.200.200.1 www 192.168.100.24 www netmask 255.255
.255.255 0 0
static (inside,outside) tcp 200.200.200.1 smtp 192.168.100.24 smtp netmask 255.2
55.255.255 0 0
static (inside,outside) tcp 200.200.200.1 3389 192.168.100.24 3389 netmask 255.2
55.255.255 0 0
static (inside,outside) 200.200.200.2 192.168.100.25 netmask 255.255.255.255 0 0
access-group 102 in interface outside