IP to IP static NAT

omar.elmohri
Level 1

With PIX 6.3

I'm using a static IP-to-IP translation and also an ACL permission, and I'm unable to access the inside.

What may be wrong?

Regards,

Omar

8 Replies

andrew.prince
Level 10

Your ACL could be using the wrong destination address, or you could be using the wrong internal address - check both of these.

HTH

The ACL is recording matches!! and the Static translation is fine.

Then you need to check if the internal device is actually listening on the UDP/TCP port numbers you have defined in your ACL.

Also, if the internal device has internet access, go to www.whatismyip.com and confirm the NAT translation is 100% correct.

Using 'show xlate' doesn't show details on that PIX edition; is there a way to do that?

I'll try to review all those points and give feedback.

Here are more details about the situation:

First, I have the commands:

ACL:

permit tcp any 'public@ip1' eq www

permit ip any 'public@ip2'

NAT:

static (inside,outside) tcp public@ip1 www private@ip1 www

static (inside,outside) public@ip2 private@ip2

Access to the first ip@ with web is working (tested by telnetting to port 80). But nothing is permitted to the second ip@ (no reply when telnetting).

I inverted the ACLs and NAT (ip@1 with ip@2) and still the same, the first is OK and not the same.

If the server is not well configured, can I see the session open when translated by the PIX but not opened on the server?

Regards,

To check the servers, if they are Windows, at the command line type "netstat -a"; this will tell you what TCP/UDP ports the server is listening on and what current sessions it has.

Another good test is to try to connect to the servers on the inside!
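The first check suggested in this thread (does the ACL's destination match the translated address of each static?) can be automated. The following is an added example, not part of the original thread: it assumes PIX 6.3 syntax, where an inbound ACL must reference the translated (public) address, and the ACL name `acl_out` and all addresses are constructed for illustration.

```python
import re

# Constructed sample in PIX 6.3 syntax; ACL name and addresses are illustrative.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-list acl_out permit ip any host 192.168.1.11
access-group acl_out in interface outside
static (inside,outside) tcp 203.0.113.10 www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255
"""

STATIC_RE = re.compile(r"static \(\w+,\w+\) (?:(tcp|udp) (\S+) (\S+) (\S+) \S+|(\S+) (\S+))")
ACL_RE = re.compile(r"access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"access-group (\S+) in interface \S+")


def parse(config):
    """Return (statics, ACL entries whose ACL is bound by access-group)."""
    statics, acls, bound = [], [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            proto, mapped, port, real, h_mapped, h_real = m.groups()
            statics.append((proto or "ip", mapped or h_mapped, port, real or h_real))
        elif m := ACL_RE.match(line):
            acls.append(m.groups())  # (name, proto, dest, port)
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))
    return statics, [a for a in acls if a[0] in bound]


def check(config):
    """Classify each static by whether an inbound ACL permits its mapped address."""
    statics, acls = parse(config)
    results = []
    for proto, mapped, port, real in statics:
        def permits(acl, addr):
            _, a_proto, dest, a_port = acl
            return (dest == addr
                    and (a_proto == "ip" or proto == "ip" or a_proto == proto)
                    and (a_port is None or port is None or a_port == port))
        if any(permits(a, mapped) for a in acls):
            results.append((mapped, "ok"))
        elif any(permits(a, real) for a in acls):
            results.append((mapped, "acl-targets-real-address"))
        else:
            results.append((mapped, "no-matching-acl"))
    return results
```

Calling `check(SAMPLE_CONFIG)` flags the second static because its ACL entry names the private address instead of the translated one.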
