The PIX does not act as a router. You may need to set the users default gateway to another router on your LAN which can get to all your networks but which will forward external traffic (Internet etc) via the PIX. Alternatively, you could connect the other network to a different PIX interface. Hope that helps.
The reason this doesn't work is because the PIX will not send out ICMP redirects. In your example you want your default gateway (10.10.10.10) to redirect the clients to 10.10.10.200 if they are destined for 172.16.0.0. Routers don't actually "route" these packets in and back out the same interface, they send an ICMP redirect to the client and the client adds this route to its internal routing table. From that point on the client talks directly to the 10.10.10.200 router. The PIX will not do ICMP redirects on any port, therefore it can not be the default gateway on a subnet with multiple routers. Just in case you wanted to know why.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...