I'm no Pix wizard, and I'm in a bit of a rush... no other firewall has managed to confuse me as well as the Pix.
I have the following config, with two available external IPs (.147 and .148):
ip address outside 72.x.x.147 255.255.255.248
ip address inside 192.168.10.254 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 72.x.x.148 https SERVER https netmask 255.255.255.255 0 0
static (inside,outside) tcp 72.x.x.148 smtp SERVER smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 72.x.x.148 pop3 SERVER pop3 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside

Everything works fine, except that when my SERVER goes out, it uses the Global PAT address of the outside interface (.147) instead of .148. Our MX record is for .148, and I need to add a reverse DNS entry at .148 (stupid AOL!). So I need my server to be NAT'd to this IP, not the PAT IP of the external interface.
Is there a way to ensure that all traffic generated from my server outbound gets statically NAT'd to the "spare" external IP rather than my global PAT IP?