In article , erik wrote:
:I'm trying to set up a static that will allow everything in my dmz (let's
:say) 172.23.0.0 access my inside range 172.22.0.0. The problem is
:without the static the dmz can't find the 172.22. and I need this for a
:spam firewall plugin.
I suspect you don't really want -all- of your inside reachable, but anyhow.
You have two choices:
A) static (inside,dmz) 172.22.0.0 172.22.0.0 netmask 255.255.0.0
B) access-list nonat permit ip 172.22.0.0 255.255.0.0 172.23.0.0 255.255.0.0
   nat (inside) 0 access-list nonat
Yes, the second one is in the form of a 'nat' but it effectively does a static as well.
The main difference between the two is that proxy arp will not be active for the second of these, so your dmz hosts would have to know to use the PIX as their default gateway (which you probably already have set up... it's an issue that comes up more with routers.)
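Added example, not part of the original post: a narrower version of choice A that exposes one inside host instead of the whole 172.22.0.0/16, plus the permit that dmz-to-inside traffic needs on a PIX in addition to the translation. The host addresses, the ACL name dmz_in and the SMTP port are assumptions chosen for illustration; lines starting with a colon are comments.

```cisco
: Constructed addresses (assumptions, substitute the real ones):
:   172.23.0.5  = spam firewall in the dmz
:   172.22.0.10 = inside mail server it has to reach
:
: Broad form from the reply, shown for comparison only (do not enter both):
:   static (inside,dmz) 172.22.0.0 172.22.0.0 netmask 255.255.0.0
:
: Narrow form: identity translation for the single inside host
static (inside,dmz) 172.22.0.10 172.22.0.10 netmask 255.255.255.255
:
: The static only makes the address reachable from the dmz. Traffic from a
: lower-security interface to a higher one still needs an explicit permit.
: Port (smtp) is an assumption; use whatever the plugin actually talks to.
access-list dmz_in permit tcp host 172.23.0.5 host 172.22.0.10 eq smtp
:
: Binding the ACL adds an implicit deny for everything else arriving on the
: dmz interface, so add permits for any other flows the dmz hosts need
: (for example toward the outside) before applying it.
access-group dmz_in in interface dmz
```

After applying, `show xlate` and `show access-list dmz_in` show whether the translation exists and whether the permit line is taking hits.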