I assume, given the config, that your dmz server is the webserver (10.168.0.2).
OK, so let's remember a couple of things first. In order to get traffic to pass from a lower security interface to a higher security interface we need basically two things:
1. An xlate created on the PIX Firewall (this would be done with a static NAT).
2. An access-list on the lower security interface to allow that traffic in.
OK, so given that config, I do not see any static translation created between the inside and the dmz, so that's basically why you won't be able to ping anything on the inside, even though the first line of the outside ACL reads permit icmp any any.
Now, regarding that ACL outside, Cisco does not recommend having the same ACL applied to more than one interface, or using it for other purposes... You can create a different one for the dmz...
So, you could create a self translation for the inside hosts (or actually for the whole inside subnet) with the following command:
What this would do is to create a translation for every host on the inside to the dmz, and actually they would be 'translated' to themselves, keeping the same IP address (actually the only purpose of this is to have the xlate created so we can have inbound traffic from the lower security interface, in this case, the dmz).
With that 'static' done, you should be able to ping hosts on the inside, from the dmz.
Now, about not being able to reach the webserver from the outside...
What is the output of 'show xlate local 10.168.0.2'?
My guess here is that there is no xlate created yet for that webserver, therefore you cannot access it from the outside even though the ACL is there.
So, a good and fast way to force the PIX to create the xlate is to initiate traffic out from the webserver. Then do the 'show xlate local 10.168.0.2' command; if the xlate is there you should be able to access it from the outside.
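
The two requirements from the reply above (a static xlate plus an ACL on the lower-security interface), written out as an added example that is not part of the original post. The inside subnet 192.168.1.0/24 and the ACL name dmz_in are assumptions, since the thread does not show the inside addressing; only 10.168.0.2 comes from the post.

```cisco
: Added example. 192.168.1.0/24 (inside subnet) and dmz_in (ACL name)
: are assumed placeholders; substitute the real values.

: 1. Identity ("self") static: inside hosts appear on the dmz with their
:    own addresses. Its only job is to make the xlate exist.
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

: 2. A dedicated ACL for the dmz interface instead of reusing the
:    outside ACL. Scope it to the webserver and to echo requests only,
:    rather than "permit icmp any any".
access-list dmz_in permit icmp host 10.168.0.2 192.168.1.0 255.255.255.0 echo

: Caveat: once an ACL is bound inbound on the dmz interface, its
: implicit deny drops everything else arriving from the dmz, including
: traffic the webserver itself initiates. Add explicit permits for what
: the server legitimately needs before binding the ACL.
access-group dmz_in in interface dmz

: 3. Flush stale translations after changing static/nat statements,
:    then confirm the xlate exists and the ACL entry is taking hits.
clear xlate
show xlate
show access-list dmz_in
```

Because the identity static covers the whole inside subnet, the dmz ACL is the only thing limiting what a compromised dmz host can reach on the inside, so keep its permits as narrow as the application allows.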