As far as I understand "flags s" means that translation is static, and again to my understanding static translations are not going to expire from XLATE. FOr example, here's what I found inside my PIX:NAT from inside:10.25.4.82 to dmz:10.25.4.82 flags...
I don't believe you can change a source of Websense lookup either.But there's another way to make it work: add external address of you router to the VPN:access-list 100 permit ip host 10.10.10.2 host 10.181.223.100the other VPN peer should obviously ...
I checked a difference on our PIXes, in 6.3 by default there's a DNS fixup which wasn't there in a previous versions:fixup protocol dns maximum-length 512Try taking this line out, see if it'll make any difference.
You probably have something like this on your PIX:global (outside) 1 interfacenat (inside) 1 int_net maskYou can:1. nat (inside) 0 int_pc_net mask2. Static (outside,inside) int_pc_net mask int_pc_net mask
I think main thing here is a difference in "GLOBAL" statement on the PIX. Example has:global (outside) 1 131.1.23.12-131.1.23.254But your config:global (outside) 1 interfaceHence second line of ACL 110 on outside router blocks return traffic:access-l...
