Jason,

Yes the 10.x network is on the inside, the 172.x is in the DMZ, and the 2xx. is the outside.

Robert

Ok,

Assuming these alias statements are correct:

-------------------

alias (inside) 10.xxx.xx.x 2xx.2xx.xx.xx 255.255.255.255

should be

static (inside,outside)2xx.2xx.xx.xx 10.xxx.xx.x netmask 255.255.255.255

-------------------

-------------------

alias (inside) 2xx.2xx.xx.x 172.xxx.xxx.x 255.255.255.255

This one is interesting. 2xx.2xx.xx.x is not an inside IP address. if we went strictly by the alias syntax it would be:

static (inside, dmz) 172.xxx.xxx.x 2xx.2xx.xx.x netmask 255.255.255.255

the other possibility is that the DMZ address is the real address and it's mapped to the inside as the 2xx.

Though the 2xx.xxx address isn't on the inside interface. You might want to keep an eye on this one.

the other possibility is that the DMZ address is the real address and it's mapped to the inside as the 2xx.

so it would be

static (dmz,inside) 2xx.2xx.xx.x 172.xxx.xxx.x netmask 255.255.255.255

So anyone initiating to that external address would go to the dmz.

---------------------

---------------------

alias (dmz) 172.xxx.xxx.x 2xx.2xx.xxx.xx 255.255.255.255

should be

static (dmz,outside) 2xx.2xx.xxx.xx 172.xxx.xxx.x netmask 255.255.255.255

---------------------

Jason,

This was very helpful. Thanks.

Robert

Don't forget to rate if it works. :)

--jason