1-to-1 NAT issue

Hi,
please help.
When I do 1-to-1 NAT for XXX.XXX.222.58 - works fine for in and out.
When I do 1-to-1 NAT for XXX.XXX.222.59 - access from outside does not work!

Below is a part of my WORKING config. I still need to do a port destination NAT from XXX.XXX.222.59 to an internal resource. Please tell me what I am doing wrong.

interfaces {
    ethernet eth0 {
        address 10.10.10.254/24
        address 10.10.20.254/24
        description DMZ
        duplex auto
        hw-id 00:0c:29:97:16:0c
        smp-affinity auto
        speed auto
    }
    ethernet eth1 {
        address XXX.XXX.222.58/29
        address XXX.XXX.222.59/29
        description OUTSIDE
        duplex auto
        hw-id 00:0c:29:97:16:16
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    destination {
        rule 10 {
            destination {
                address XXX.XXX.222.58
            }
            inbound-interface eth1
            translation {
                address 10.10.10.1
            }
        }
    }
    source {
        rule 10 {
            destination {
            }
            outbound-interface eth1
            source {
                address 10.10.10.1
            }
            translation {
                address XXX.XXX.222.58
            }
        }
        rule 500 {
            outbound-interface eth1
            source {
                address 192.168.100.0/24
            }
            translation {
                address XXX.XXX.222.59
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop XXX.XXX.222.62 {
            }
        }
        route 192.168.100.0/24 {
            next-hop 10.10.10.200 {
            }
        }
    }
}

You need the matching destination NAT to match your rule 500

Rule 500 is a PAT rule for the 192.168.100.0/24 network.
But I need 1-to-1 NAT to 10.10.10.1

Again, when I do 1-to-1 from XXX.XXX.222.58 - all works fine. Same thing for XXX.XXX.222.59 - NO!

Then you are missing masquerading for that to work, since you don’t have the reverse destination NAT
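
The replies in this thread turn on which public addresses have a destination NAT rule and which appear only as a source NAT translation. As an added example (not code from the thread or from the router's vendor), this Python sketch parses a brace-style config like the one posted and lists the addresses that are source-NAT-only; the function names and the 198.51.100.x sample addresses are assumptions.

```python
# Constructed sample in the page's config layout. 198.51.100.x stands in for the
# masked public addresses; source-match blocks of the SNAT rules are omitted.
SAMPLE = """
nat {
    destination {
        rule 10 {
            destination {
                address 198.51.100.58
            }
            translation {
                address 10.10.10.1
            }
        }
    }
    source {
        rule 10 {
            translation {
                address 198.51.100.58
            }
        }
        rule 500 {
            translation {
                address 198.51.100.59
            }
        }
    }
}
"""

def parse(text):
    """Flatten brace-style config into {path tuple: [leaf values]}."""
    flat, stack = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # enter node, e.g. "rule 500"
        elif line == "}":
            stack.pop()                          # leave node
        elif line:
            key, _, val = line.partition(" ")    # leaf, e.g. "address 10.10.10.1"
            flat.setdefault((*stack, key), []).append(val)
    return flat

def snat_only(text):
    """Addresses used as SNAT translation that no DNAT rule matches inbound."""
    flat = parse(text)
    def addrs(kind, block):
        return {v for p, vs in flat.items() for v in vs
                if p[:2] == ("nat", kind) and p[3:] == (block, "address")}
    return sorted(addrs("source", "translation") - addrs("destination", "destination"))
```

The comparison is an exact string match on the address leaf, so prefixes, ranges and port-restricted rules need normalising before they can be compared this way.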