Hello all,
I have a 2600 as a border router and a PIX that does my NAT. I have added a static to the PIX for an internal host, and modified the access lists on both units to open some ports to that host. Now, the problem is that as soon as I add the static NAT to the PIX, the host loses ALL outbound connectivity. No web, no DNS, nothing. However, when I add a TCP any statement allowing all TCP traffic *to* that host, it works fine. Obviously I can't leave it that way... Is this normal behavior?
On the PIX:
access-list acl_out permit tcp any host <public IP> eq 1723
access-list acl_out permit gre any any
...
access-group acl_out in interface outside
conduit permit icmp any any
conduit permit gre any any
...
global (outside) 1 <public IP>
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) <public IP> <private IP> netmask 255.255.255.255 0 0
On the 2600:
ip access-list extended inet-in
permit icmp any host <public IP>
permit tcp any host <public IP> eq 1723
permit gre any host <public IP>
Any assistance or insight would be greatly appreciated...
-MM
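Two things in the posted fragments can be checked mechanically rather than by eye: whether the static's mapped address is also the address handed out by a `global` statement (line 11 and line 14 above both use the same `<public IP>`), and whether the 2600's inbound ACL and the PIX's outside ACL plus conduits agree on what may reach that host. The script below is an added example, not code from the original post, and it does not claim which of these explains the lost outbound connectivity. The addresses are constructed stand-ins for the poster's `<public IP>` and `<private IP>` placeholders (203.0.113.10 from RFC 5737 documentation space and 192.168.1.10 from RFC 1918); the parser handles only the PIX 6.x and IOS keyword forms that actually appear in the post (`any`, `host X`, `X MASK`, `eq PORT`).

```python
"""Lint a PIX-style NAT/ACL fragment against a border router's inbound ACL.

Added example; the two configs below are the poster's fragments with the
<public IP>/<private IP> placeholders replaced by constructed documentation
addresses (assumption, not from the original post).
"""

PIX_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.10 eq 1723
access-list acl_out permit gre any any
access-group acl_out in interface outside
conduit permit icmp any any
conduit permit gre any any
global (outside) 1 203.0.113.10
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
"""

ROUTER_ACL = """\
ip access-list extended inet-in
 permit icmp any host 203.0.113.10
 permit tcp any host 203.0.113.10 eq 1723
 permit gre any host 203.0.113.10
"""


def _take_addr(tokens):
    """Consume one address spec ('any', 'host X', or 'X MASK'); return (addr, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0], tokens[2:]  # 'X MASK' form; the mask is not needed for this lint


def _take_port(tokens):
    """Consume an optional 'eq PORT'; return (port or None, rest)."""
    if tokens and tokens[0] == "eq":
        return tokens[1], tokens[2:]
    return None, tokens


def parse_pix(text):
    """Extract globals, statics, access-lists, access-groups and conduits from PIX config lines."""
    cfg = {"globals": {}, "statics": [], "acls": {}, "access_groups": {}, "conduits": []}
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list" and t[2] == "permit":
            proto = t[3]
            _src, rest = _take_addr(t[4:])
            dst, rest = _take_addr(rest)
            port, _ = _take_port(rest)
            cfg["acls"].setdefault(t[1], []).append((proto, dst, port))
        elif t[0] == "conduit" and t[1] == "permit":
            proto = t[2]
            dst, rest = _take_addr(t[3:])  # conduit lists the global (destination) side first
            port, _ = _take_port(rest)
            cfg["conduits"].append((proto, dst, port))
        elif t[0] == "access-group":
            cfg["access_groups"][t[4]] = t[1]  # interface name -> ACL name
        elif t[0] == "global":
            cfg["globals"][t[2]] = t[3]  # pool id -> global address
        elif t[0] == "static":
            cfg["statics"].append((t[2], t[3]))  # (mapped/outside address, real/inside address)
    return cfg


def parse_ios_acl(text):
    """Extract permit rules from IOS named extended ACLs as (proto, dst, port)."""
    acls, current = {}, None
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        if t[:3] == ["ip", "access-list", "extended"]:
            current = t[3]
            acls[current] = []
        elif t[0] == "permit" and current:
            proto = t[1]
            _src, rest = _take_addr(t[2:])
            dst, rest = _take_addr(rest)
            port, _ = _take_port(rest)
            acls[current].append((proto, dst, port))
    return acls


def static_global_overlaps(cfg):
    """Statics whose mapped (outside) address is also a 'global' pool address."""
    return [(mapped, gid) for mapped, _real in cfg["statics"]
            for gid, gaddr in cfg["globals"].items() if gaddr == mapped]


def permitted_to(rules, host):
    """Set of (proto, port) that a rule list lets reach `host`; a dst of 'any' counts."""
    return {(proto, port) for proto, dst, port in rules if dst in ("any", host)}


def pix_inbound(cfg, interface="outside"):
    """ACL bound inbound on `interface` plus every conduit, merged so the comparison is conservative."""
    return list(cfg["acls"].get(cfg["access_groups"].get(interface, ""), [])) + cfg["conduits"]


def acl_mismatch(router_rules, pix_rules, host):
    """Flows one box admits to `host` that the other does not."""
    r, p = permitted_to(router_rules, host), permitted_to(pix_rules, host)
    return {"pix_only": sorted(p - r, key=str), "router_only": sorted(r - p, key=str)}


def lint(pix_text, router_text, host):
    cfg = parse_pix(pix_text)
    router_rules = [r for rules in parse_ios_acl(router_text).values() for r in rules]
    return {"static_global_overlap": static_global_overlaps(cfg),
            "acl_mismatch": acl_mismatch(router_rules, pix_inbound(cfg), host)}


if __name__ == "__main__":
    print(lint(PIX_CONFIG, ROUTER_ACL, "203.0.113.10"))
```

On the posted fragments the ACL comparison comes back empty in both directions (router and PIX both admit icmp, gre and tcp/1723 to the host and nothing else), while the overlap check reports that the static's mapped address is the same address `global (outside) 1` uses for PAT; that is the one line the two units disagree on, and it is the thing to look at first when the symptom appears only after the `static` is added.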