Problem using 2 outside interfaces

davistw
Level 1

What I am trying to do is set up a PIX with 2 outside interfaces (See Drawing 1). Below is the configuration.

--------------------

Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet0 vlan16 logical
interface ethernet1 auto
interface ethernet1 vlan3 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan3 inside_pc_vlan3 security99
nameif vlan16 outside_pc_vlan16 security1
/SNIP/
access-list 101 permit ip any any
access-list inside_pc_vlan3_access_in permit ip 192.168.6.0 255.255.254.0 192.168.5.0 255.255.255.0
access-list inside_pc_vlan3_access_in permit ip 192.168.6.0 255.255.254.0 any
/SNIP/
ip address outside 192.168.136.2 255.255.255.0
ip address inside 192.168.5.254 255.255.255.0
ip address inside_pc_vlan3 192.168.7.254 255.255.254.0
ip address outside_pc_vlan16 192.168.26.2 255.255.254.0
/SNIP/
global (outside) 1 192.168.136.20-192.168.136.245
global (outside) 1 interface
global (outside_pc_vlan16) 16 192.168.26.20-192.168.27.245
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside_pc_vlan3) 16 0.0.0.0 0.0.0.0 0 0
/SNIP/
static (inside,inside_pc_vlan3) 192.168.5.0 192.168.5.0 netmask 255.255.255.0 0 0
access-group 101 in interface outside
access-group inside_pc_vlan3_access_in in interface inside_pc_vlan3
route outside 0.0.0.0 0.0.0.0 192.168.136.1 1
/SNIP/

---------------------

When I try to connect from a PC on inside_pc_vlan3 to an external machine I get the following error:

%PIX-3-305006: portmap translation creation failed for tcp src inside_pc_vlan3:192.168.6.1/2802 dst outside:192.168.133.207/80

However, when I move inside_pc_vlan3's nat to the outside interface via

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Everything works except it is using the wrong interface and wrong nat pool...

I think the error is in the routing because from the error it appears that the failure is on the "outside" interface but I don't know how to fix it.

Recommendations?


Thanks...
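To make the nat/global pairing in the configuration above concrete, here is an added Python model (not code from the post, and a deliberate simplification of PIX 6.3 behaviour): it parses the nat, global and route lines, picks the egress interface by longest-prefix route lookup, and reports whether a global with the flow's nat_id exists on that egress interface, which is the condition the 305006 message says was not met. Interface names, addresses and the destination are taken from the post; the extra, more specific route used at the end is a constructed illustration of how the egress choice drives the pairing.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the nat/global/route lines quoted in the post above (PIX 6.3 syntax).
PIX_CONFIG = """
global (outside) 1 192.168.136.20-192.168.136.245
global (outside) 1 interface
global (outside_pc_vlan16) 16 192.168.26.20-192.168.27.245
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside_pc_vlan3) 16 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.136.1 1
"""

def parse(config):
    """Return (set of (interface, nat_id) that have a global, nat rules per interface, routes)."""
    globals_, nats, routes = set(), {}, []
    for line in config.splitlines():
        if m := re.match(r"global \((\S+)\) (\d+)", line):
            globals_.add((m[1], int(m[2])))
        elif m := re.match(r"nat \((\S+)\) (\d+) (\S+) (\S+)", line):
            nats.setdefault(m[1], []).append((int(m[2]), ip_network(f"{m[3]}/{m[4]}")))
        elif m := re.match(r"route (\S+) (\S+) (\S+)", line):
            routes.append((m[1], ip_network(f"{m[2]}/{m[3]}")))
    return globals_, nats, routes

def egress_interface(routes, dst):
    """Longest-prefix lookup: the PIX chooses the exit interface from its routing table."""
    matches = [(net.prefixlen, ifname) for ifname, net in routes if ip_address(dst) in net]
    return max(matches)[1] if matches else None

def check_translation(config, src_if, src_ip, dst_ip):
    """Simplified model: a flow entering src_if takes the nat_id of the first matching nat
    rule on that interface and needs a global with the same id on the interface the packet
    exits through. Returns (egress_if, nat_id, has_matching_global)."""
    globals_, nats, routes = parse(config)
    out_if = egress_interface(routes, dst_ip)
    nat_id = next((nid for nid, net in nats.get(src_if, []) if ip_address(src_ip) in net), None)
    return out_if, nat_id, (out_if, nat_id) in globals_

if __name__ == "__main__":
    # The flow from the 305006 message: exits via "outside", but global 16 only exists on outside_pc_vlan16.
    print(check_translation(PIX_CONFIG, "inside_pc_vlan3", "192.168.6.1", "192.168.133.207"))
    # A host on "inside" uses nat_id 1, which does have a global on "outside".
    print(check_translation(PIX_CONFIG, "inside", "192.168.5.1", "192.168.133.207"))
    # Constructed illustration: a more specific route out of the second interface changes the egress,
    # and with it which global set the nat_id is looked up in.
    with_route = PIX_CONFIG + "route outside_pc_vlan16 192.168.133.0 255.255.255.0 192.168.26.1 1\n"
    print(check_translation(with_route, "inside_pc_vlan3", "192.168.6.1", "192.168.133.207"))
```

Run it to see the mismatch printed as ("outside", 16, False) for the failing flow and ("outside", 1, True) for a host on inside.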
