Pugglewuggle (United States of America) asked:
Cisco IOS Destination NAT

Can someone please tell me how to configure destination NAT on Cisco IOS? I have a web/mail server in the router's DMZ that resolves to the router's public IP (whatever.com = router's outside IP address) and users on the inside network need to be able to access it. Thanks!
Asker certified solution: Faruk Onder Yerli (Ukraine). This solution is only available to members of Experts Exchange.
Pugglewuggle (asker):
Okay, so I do this with ASAs all the time. Are you sure IOS can't do this?
Hmm... well can't I just apply a PBR policy to the inside interface on the router telling it to route traffic to the DMZ?
Yes, I am sure. I said it is not working because of the interface direction definition. Even PIX 6.3 cannot do it. I think they have solved it in ASA. I didn't try yet.
Yes, it does work on ASAs... What about the PBR setup I mentioned? By traffic I meant all traffic destined for the IP of the outside interface.
No, PBR will redirect traffic to a second NAT device. I have used this solution for a long time. I used 2 firewalls: one of them powerful and doing NAT for global access, the other just a PIX 501, and it was working for DMZ NAT.
You will apply a destination rule to the LAN interface whose ACL-based next hop will be the other NAT router's gateway.
What a pain! I would have thought Cisco would have a solution for this common scenario. I guess they figure they can sell more stuff!
Not possible with IOS. Easy with ASA.
The best option is a local DNS server that resolves the site to the local IP address instead of the public IP address.
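The split-DNS workaround suggested above, written out as an added example (not from the thread's answers): the IOS router itself answers LAN queries for the server name with the DMZ address, so inside clients connect directly and no NAT hairpin is needed. The hostname, the 192.168.x.x addresses and the 203.0.113.53 upstream resolver are placeholders.

```cisco
! Added example, not from the thread. Turn the router into a small DNS
! server for the LAN. Names in the local host table are answered with
! the private DMZ address; everything else is forwarded upstream.
ip dns server
ip domain lookup
! Upstream resolver for names the router does not know (placeholder)
ip name-server 203.0.113.53
! The public site name mapped to the server's private DMZ address
ip host whatever.com 192.168.100.10
!
! Hand the router's own LAN address out as the DNS server so clients
! resolve whatever.com to 192.168.100.10 instead of the outside IP
ip dhcp pool LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
```

Verify from the router with `show hosts` and from an inside client by resolving the name; it should return the DMZ address, and external users still reach the same name via the public IP.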
nat-on-a-stick is supposed to work, but it is not TAC supported and I've never been able to make it work
Well, since neither of those are an option (no ASA or DNS server) and they have a 1720 too I guess I'll create a bridge-group on the 1720 and create a true DMZ using one of the interfaces attached to a switch and then send the other interface over to the 1721 to do the LAN. Geez.
Okay, so I got the 1721 set up as the edge performing NAT/PAT at this location. The server is between the 1721 and the 1720. The 1720 is not doing any NAT, so DNAT is not an option. For some reason I can't seem to get PBR configured to redirect requests from the 1720's other networks that are destined for the outside IP of the 1720. So here's a quick map with a description, and I appreciate any help!
(Attachment: Map.jpg)
This got me started on a solution, but didn't provide a direct answer.