05-30-2001 01:52 PM - edited 02-20-2020 09:47 PM
Hi, my name is Anton. I cannot ping my inside interface hosts from hosts on the DMZ, and also cannot get through from hosts on the inside interface to hosts on the DMZ.
I am testing the PIX so I have all access-lists set to "permit ip any any". I have the default route pointed to the outside router, nat command:
nat (inside) 1 0 0
I have global statements for the outside interface and DMZ,
static routes to DMZ and inside.
What am I doing wrong?
05-31-2001 07:37 AM
Hi Anton,
From what you've described, if you change your nat (inside) 1 0 0 to nat (inside) 0 0 0 then your inside hosts will be able to ping the DMZ hosts. However you will need to add a static command for each host on the inside network that you want your DMZ hosts to be able to reach.
Something to keep in mind, when going from a higher level security interface (i.e. inside) to a lower level security interface (i.e. dmz) you need a nat statement that matches the inside hosts on the inside interface and a Global statement on the DMZ interface.
For example:
nat (inside) 1 0 0 <--- applies to any inside host
global (DMZ) 1 10.2.2.105-10.2.2.254 netmask 255.255.255.0
An exception is the special NAT Zero or NAT 0, where IPs won't be NATed (as I suggested above to help you make progress quickly). With NAT 0, you don't need the global command.
Now, when going in the other direction you need to use the static command and an access-list. You say you've already got the access-list, now add the statics.
Without going into too much detail, I suggest you start with the following link. It should give you everything you need to get up and running.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/config.htm
I suggest erasing whatever configuration you currently have and starting over following the above link. You'll end up with a more secure configuration, even if you are new to the PIX.
Regards,
Thomas
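A worked PIX 5.x configuration fragment for the three-interface setup Thomas describes (nat/global for inside-to-DMZ, static plus access-list for DMZ-to-inside). This is an added example, not from the original thread or from Cisco's documentation; the interface names, addresses, host roles and port numbers are assumed, and lines starting with ":" are explanatory comments, not configuration.

```text
: Interfaces (security levels and addresses are assumed for this example)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 10.2.2.1 255.255.255.0

: Higher -> lower security (inside -> outside, inside -> dmz):
: one nat on the inside interface, one global with the same id on each lower interface.
nat (inside) 1 0 0
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0
global (dmz) 1 10.2.2.105-10.2.2.254 netmask 255.255.255.0

: Lower -> higher security (dmz -> inside): one static per inside host the DMZ
: must reach. 192.168.1.50 is an assumed inside DB server, seen from the DMZ as 10.2.2.50.
static (inside,dmz) 10.2.2.50 192.168.1.50 netmask 255.255.255.255 0 0

: Outside -> dmz: publish the assumed DMZ web server 10.2.2.5 on one outside address.
static (dmz,outside) 203.0.113.5 10.2.2.5 netmask 255.255.255.255 0 0

: Instead of "permit ip any any", permit only the sessions the DMZ needs;
: the implicit deny at the end of the list drops everything else.
access-list acl_dmz permit tcp host 10.2.2.5 host 10.2.2.50 eq 1433
access-list acl_dmz permit icmp host 10.2.2.5 host 10.2.2.50 echo
access-list acl_dmz permit icmp any any echo-reply
access-group acl_dmz in interface dmz

access-list acl_outside permit tcp any host 203.0.113.5 eq www
access-group acl_outside in interface outside

: Default route to the outside router
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

The echo-reply entry matters because PIX 5.x does not track ICMP statefully: the reply to a ping sent from an inside host arrives on the dmz interface and is checked against acl_dmz like any other lower-to-higher packet.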
05-31-2001 08:06 AM
Hi Thomas!
Thank you very much for your response; it really helped. I did have the right nat command and global, but I did not have the right static command to map hosts on the inside interface to hosts on the DMZ. Now it is working.
Once again, thanks a lot.