10-11-2006 05:36 PM - edited 02-21-2020 01:13 AM
I currently have an ASA 5510 with which I'm trying to set up an HTTP/FTP host on a DMZ. Currently the DMZ host is accessible externally, but hosts on the internal network cannot access it. I have a dedicated IP for the DMZ host (1.1.1.228) and another IP for interface PAT for the internal clients (1.1.1.238). I know I'm missing a piece, either a nat() statement or a static() statement; please advise.
interface Ethernet0/0
description Outside Interface
nameif outside
security-level 0
ip address 1.1.1.238 255.255.255.240
!
interface Ethernet0/1
description Inside Interface
nameif inside
security-level 100
ip address 10.0.0.1 255.255.0.0
!
interface Ethernet0/2
description DMZ Interface
nameif dmz
security-level 50
ip address 192.168.0.1 255.255.255.0
--- partial outside inbound ACL ---
access-list outside_access_in extended permit tcp any host 1.1.1.228 eq www
access-list outside_access_in extended permit tcp any host 1.1.1.228 eq https
--- DMZ ACL ---
access-list DMZ extended permit icmp any any
access-list DMZ extended permit tcp host 192.168.0.11 eq www any
access-list DMZ extended permit tcp host 192.168.0.11 eq https any
access-list DMZ extended permit tcp host 192.168.0.11 eq ftp-data any
access-list DMZ extended permit tcp host 192.168.0.11 eq ftp any
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 1.1.1.231 10.0.0.85 netmask 255.255.255.255
static (dmz,outside) 1.1.1.228 192.168.0.11 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group DMZ in interface dmz
10-12-2006 02:09 AM
Add:
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.0.0
The above statement will allow the inside hosts to access DMZ hosts using the DMZ devices' own IPs, and vice versa.
And if necessary, use an ACL to restrict access from inside to DMZ, or from DMZ to inside.
Cheers!
AK
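The fix above together with the ACL restriction AK mentions, written out as an added example in pre-8.3 ASA syntax (this is not the poster's or AK's configuration). In the pre-8.3 NAT order a static translation is matched before the dynamic nat/global pair, so once the identity static exists, inside-to-DMZ packets no longer look for a global on the dmz interface and pass with their real 10.0.0.0/16 addresses. The deny line placed at the top of the DMZ ACL is an assumption added here to show how to keep the DMZ host from initiating connections into the inside network; the remaining DMZ ACL lines are the ones from the original post.

```cisco
! --- identity static (AK's fix): inside hosts keep their real addresses toward the DMZ,
!     and DMZ hosts see/reach inside hosts by those same real addresses ---
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.0.0
!
! --- DMZ ACL (assumed replacement for the poster's "DMZ" list) ---
! The first line blocks any session the DMZ host initiates toward the inside network.
! The ASA is stateful, so replies to inside-initiated sessions are still allowed;
! interface ACLs are only evaluated for the first packet of a new connection.
access-list DMZ extended deny ip any 10.0.0.0 255.255.0.0
access-list DMZ extended permit icmp any any
access-list DMZ extended permit tcp host 192.168.0.11 eq www any
access-list DMZ extended permit tcp host 192.168.0.11 eq https any
access-list DMZ extended permit tcp host 192.168.0.11 eq ftp-data any
access-list DMZ extended permit tcp host 192.168.0.11 eq ftp any
access-group DMZ in interface dmz
!
! --- verification: simulate an inside client opening HTTP to the DMZ host's real IP ---
! (10.0.0.50 and source port 12345 are constructed sample values)
packet-tracer input inside tcp 10.0.0.50 12345 192.168.0.11 80
! --- and the reverse direction, which the deny line above should now block ---
packet-tracer input dmz tcp 192.168.0.11 12345 10.0.0.50 445
```

Two things to keep in mind when applying this: inside clients must address the DMZ server by 192.168.0.11, not by its outside address 1.1.1.228, because nothing in this design translates the public address on the inside interface; and after adding a new static on a pre-8.3 ASA, run clear xlate so that existing translation entries built under the old rules do not keep matching the dynamic nat/global pair.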