its been a while since there was a good cisco question on here so i have one. here is some info about the network the ip address of the pix should be 220.127.116.11 the gateway of the pix should be 18.104.22.168 I want my internal network to be able to browse using NAT or PAT i dont care which one, as it is now that works fine. I have a webserver behind the pix that I would like to be able to reach using the public IP 22.214.171.124, that is where the problem is. It does not work. the address of the internal webserver is 192.168.1.200, it is accessible by typing http://192.168.1.200 from a workstation on the internal network. here is the output from sh xlate pixfirewall# sh xlate 2 in use, 2 most used Global 126.96.36.199 Local 192.168.1.200 here is the output from sh run pixfirewall# sh run : Saved : PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall domain-name ciscopix.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable access-list 100 permit tcp any host 188.8.131.52 eq www pager lines 24 logging on mtu outside 1500 mtu inside 1500 ip address outside 184.108.40.206 255.255.255.0 ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm location 220.127.116.11 255.255.255.0 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 18.104.22.168-22.214.171.124 global (outside) 1 126.96.36.199 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) 188.8.131.52 192.168.1.200 netmask 255.255.255.255 0 0 access-group 100 in interface outside route outside 0.0.0.0 0.0.0.0 184.108.40.206 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable telnet 192.168.1.0 255.255.255.0 inside telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.1.2-192.168.1.129 inside dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside terminal width 80 Cryptochecksum:2998ebea4cfcc468bbef55deeba70f56 : end I've been working on this all day and I have not figured it out yet.