I have a Cisco 5505 with a full Class C to use for public IPs. I have split that in half, making my outside interface subnet the first half, and the DMZ the second half. I have a single box on the inside of my network that runs multiple development services, and I'd like to expose port tcp/443 to the outside on the first half subnet. When I configure port forwarding of HTTPS using the outside interface and PAT, it works fine.

What I was trying to do, and didn't get to work, was a static NAT of the inside interface of the webserver to an IP address on the same subnet as the outside interface, and then allow HTTPS in the ACLs for the outside and inside interfaces. This didn't work, and the fact that I didn't see anything in the ACL logs or the webserver logs tells me that the issue is with NAT. I was able to get this working with a webcam, for which I performed a static one-to-one IP address translation and then just allowed the services in the ACLs. Can someone tell me what is wrong with my line of thinking?
66.x.x.5 (public webserver) --> 66.x.x.2 (ASA outside) --> 10.x.x.8 (private webserver)