ASA5505:

firewall transparent
!
interface Ethernet0/1
description Connected to C2960
!
interface Ethernet0/1.101
vlan 101
nameif INSIDE101
security-level 100
bridge-group 10
!
interface Ethernet0/1.1003
vlan 1003
nameif INSIDE1003
security-level 100
!
interface Ethernet0/2
description Connected to R2
!
interface Ethernet0/2.101
vlan 101
nameif OUTSIDE101
security-level 0
bridge-group 10
!
interface Ethernet0/2.1003
vlan 1003
nameif OUTSIDE1003
security-level 0
!
object network obj_any
 subnet 0.0.0.0 0.0.0.0
!
object network obj_any-1
 subnet 0.0.0.0 0.0.0.0
!
object network NEBULA	
 subnet 172.16.0.0 255.255.0.0
!
object network inside
 subnet 10.7.3.0 255.255.255.0 
!
access-list outsideNEBULA extended permit tcp 172.16.0.0 255.255.0.0
access-list outside_acl extended permit tcp 10.7.3.0 255.255.255.0 
!
object network obj_any
 nat (INSIDE101,OUTSIDE101) dynamic 10.7.3.3
object network obj_any-1
 nat (INSIDE1003,OUTSIDE1003) dynamic 10.7.3.3
!
accesst-group outsideNEBULA in interface OUTSIDE1003
access-group outside_acl in interface OUTSIDE101
!
interface BVI10
ip address 10.7.3.2 255.255.255.0

route OUTSIDE101 0.0.0.0 0.0.0.0 10.7.3.3 1
route OUTSIDE1003 0.0.0.0 0.0.0.0 10.7.3.3 1
route INSIDE101 0.0.0.0 0.0.0.0 10.7.3.1 1
------------------------------------------------------------------------------------------------------------

C2960:


interface Vlan101
ip address 10.7.3.1 255.255.255.0
!
interface Ge0/0
 description Connected to NebulaSW-Ge12
 switchport mode access
 switchport access vlan 1033
!
interface Ge0/1
 description Connected to CiscoASA-Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 101,1003