NAT in VLAN problem

NAT 0 for a VLAN interface doesn't work, but for an interface without a tag it works.

From the firewall console I'm able to access all computers in the different VLANs, which proves that there is no L2 problem...

Has anyone experienced this situation?

---------- ///

interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 100full
interface ethernet4 100full
interface ethernet4 vlan10 physical
interface ethernet4 vlan99 logical
interface ethernet5 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 owner security4
nameif ethernet3 bco security6
nameif ethernet4 officeadm security6
nameif vlan99 netadm security6
nameif ethernet5 livre security10
ip address outside 200.200.200.200 255.255.255.248
ip address inside 172.20.0.2 255.255.255.0
ip address owner 172.210.2.1 255.255.255.0
ip address bco 10.11.50.96 255.255.0.0
ip address officeadm 172.210.3.1 255.255.255.0
ip address netadm 172.210.1.1 255.255.255.0
nat (bco) 0 access-list nonat1
nat (netadm) 0 access-list nonat2
access-list nonat1 permit ip 10.11.0.0 255.255.0.0 172.210.3.0 255.255.255.0
access-list nonat2 permit ip 172.210.3.0 255.255.255.0 10.11.0.0 255.255.0.0

--------------

Syslog error message

%PIX-3-106011: Deny inbound (No xlate) tcp src bco:10.11.5.154/4189 dst netadm:172.210.1.21/23

scoclayton
Level 7

The issue here is most likely not with the logical VLAN interfaces but rather because you are trying to pass traffic between 2 interfaces that have the same security level. This is not yet supported on the PIX (coming soon). You will need to give each of these interfaces a unique security level and set your translations and permissions accordingly.

Scott
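A check over the configuration and syslog message quoted in the question, written as an added example rather than anything from the thread: it parses the nameif, nat 0 and access-list lines, lists the interface pairs that share a security level (the point the reply makes), and also tests whether the nat 0 ACL bound to the source interface actually exempts the denied flow. The config and syslog strings are copied from the post above; everything else is constructed for this example.

```python
import ipaddress
import re

# Constructed input: the nameif/nat/access-list lines and the syslog message from the post above.
CONFIG = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 owner security4
nameif ethernet3 bco security6
nameif ethernet4 officeadm security6
nameif vlan99 netadm security6
nameif ethernet5 livre security10
nat (bco) 0 access-list nonat1
nat (netadm) 0 access-list nonat2
access-list nonat1 permit ip 10.11.0.0 255.255.0.0 172.210.3.0 255.255.255.0
access-list nonat2 permit ip 172.210.3.0 255.255.255.0 10.11.0.0 255.255.0.0
"""
SYSLOG = "%PIX-3-106011: Deny inbound (No xlate) tcp src bco:10.11.5.154/4189 dst netadm:172.210.1.21/23"

def parse_config(text):
    """Return security level per nameif, nat 0 ACL per interface, and ACL entries as networks."""
    levels, nat0, acls = {}, {}, {}
    for f in (l.split() for l in text.splitlines() if l.strip()):
        if f[0] == "nameif":
            levels[f[2]] = int(f[3].replace("security", ""))
        elif f[0] == "nat" and f[2] == "0" and f[3] == "access-list":
            nat0[f[1].strip("()")] = f[4]
        elif f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            acls.setdefault(f[1], []).append(
                (ipaddress.ip_network(f"{f[4]}/{f[5]}"), ipaddress.ip_network(f"{f[6]}/{f[7]}")))
    return levels, nat0, acls

def same_level_pairs(levels):
    """Interface pairs that share a security level; this PIX drops traffic between them."""
    names = sorted(levels)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:] if levels[a] == levels[b]]

def nat0_covers(nat0, acls, src_if, src_ip, dst_ip):
    """True if the nat 0 ACL bound to src_if has an entry matching src_ip -> dst_ip."""
    s_ip, d_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s_ip in s and d_ip in d for s, d in acls.get(nat0.get(src_if), []))

def check_denied_flow(config, syslog):
    """Explain a %PIX-3-106011 'No xlate' deny against the config: same level? nat 0 exempt?"""
    src_if, src_ip, dst_if, dst_ip = re.search(
        r"src (\w+):([\d.]+)/\d+ dst (\w+):([\d.]+)/\d+", syslog).groups()
    levels, nat0, acls = parse_config(config)
    return {"same_level": levels[src_if] == levels[dst_if],
            "nat0_covers_flow": nat0_covers(nat0, acls, src_if, src_ip, dst_ip),
            "same_level_pairs": same_level_pairs(levels)}
```

On the quoted lines this reports bco, officeadm and netadm all at security6, and that nonat1 does not match the denied flow: its destination is 172.210.3.0/24 (officeadm) while the target 172.210.1.21 is on netadm's 172.210.1.0/24.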