This is my network configuration:

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 192.168.0.7 255.255.255.0

!

interface Vlan12

no forward interface Vlan1

nameif dmz

security-level 50

ip address 192.168.2.254 255.255.255.0

!

There must be a communication:

from any inside host -> to outside.

from any dmz host -> to outside.

from any inside host -> to dmz.

using pat

from any outside to some services in inside servers.

these configurations are ok,

but i'm not able to communicate from some servers in dmz to some inside servers which e.g. use smpt, pop3 protocol.

access-list outside_access_in extended permit tcp any host 192.168.0.12 object-group Linuxsrv_servizi

access-list outside_access_in extended permit tcp any host 192.168.0.8 object-group Mailsrv1_servizi

access-list outside extended permit tcp any host 192.168.0.12 eq www

access-list inside_access_in extended permit icmp 192.168.1.0 255.255.255.0 any

access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any

access-list dmz_access_in extended permit tcp host linuxsrv any eq www

access-list dmz_access_in extended permit tcp host websrv any eq www

access-list dmz_access_in extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list dmz_access_in extended permit icmp 192.168.2.0 255.255.255.0 any

access-list dmz_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq domain

----------------------------------------------------------------------------------------------------------------------

This is my nat configuration.

global (outside) 1 192.168.0.8 netmask 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 192.168.1.0 255.255.255.0

static (inside,outside) tcp 192.168.0.8 www 192.168.1.201 www netmask 255.255.255.255

static (inside,outside) tcp 192.168.0.8 5500 192.168.1.132 5500 netmask 255.255.255.255

static (inside,outside) tcp 192.168.0.8 smtp 192.168.1.201 smtp netmask 255.255.255.255

static (dmz,outside) 192.168.0.12 linuxsrv netmask 255.255.255.255

static (inside,dmz) 192.168.2.0 192.168.1.0 netmask 255.255.255.0

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

access-group dmz_access_in in interface dmz

route outside 0.0.0.0 0.0.0.0 192.168.0.254 1

Shall i make another nat rule, e.g. from inside to dmz?

i tried to make it but i always get an error.. "this rule is overlapping an existent nat rule"

static (inside,dmz) 192.168.2.0 192.168.1.0 netmask 255.255.255.0

Could you please tell me where I am wrong?

Kind regards