I have NAT 1:1 set up for a host in the DMZ. I also have access lists to allow a couple of ports from the internet and to the internal network, which is working just fine.
I can’t manage to allow this host in the DMZ to access the internet.
At first glance, your configuration looks good except for the after-auto keyword used in the nat command. Is there a particular reason you have that employed? This keyword will cause the NAT rule to be executed towards the end of the NAT order of operations, where Twice NAT would be applied. Take a look at this Cisco documentation where it says:
By default, the NAT rule is added to the end of section 1 of the NAT table. See the “NAT Rule Order” section for more information about sections. If you want to add the rule into section 3 instead (after the network object NAT rules), then use the after-auto keyword. You can insert a rule anywhere in the applicable section using the line argument.
The NAT Rule Table is a construct that shows the order of operations when Twice NAT is used. More info can be found here:
I don’t believe you are using Twice NAT here since you are not specifying a translation for the destination, so I suggest you remove this keyword and see what happens… Then we can continue troubleshooting other issues… Let us know how you get along!
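The section ordering discussed above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model of the three-section NAT lookup, showing how a manual rule placed with after-auto can be shadowed by a network object NAT rule. The rule names, the 172.16.10.0/24 DMZ, the 203.0.113.5 mapped address and the DMZ PAT rule are constructed assumptions, not the poster's configuration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    name: str
    section: int   # 1 = manual NAT (default), 2 = network object NAT, 3 = manual NAT with after-auto
    kind: str      # "static" or "dynamic"
    real: str      # real source network in CIDR form
    mapped: str    # label of the translated address

def lookup_order(rules):
    """Return rules in the order this simplified model evaluates them."""
    def key(item):
        index, rule = item
        if rule.section == 2:
            # Section 2 is sorted automatically: static before dynamic,
            # then the rule covering the fewest real addresses first.
            net = ipaddress.ip_network(rule.real)
            return (2, 0 if rule.kind == "static" else 1,
                    net.num_addresses, int(net.network_address))
        # Sections 1 and 3 are first-match in configured order.
        return (rule.section, index, 0, 0)
    return [rule for _, rule in sorted(enumerate(rules), key=key)]

def first_match(rules, src_ip):
    """Return the first rule whose real network contains src_ip, or None."""
    ip = ipaddress.ip_address(src_ip)
    for rule in lookup_order(rules):
        if ip in ipaddress.ip_network(rule.real):
            return rule
    return None

# Constructed sample: a DMZ-wide object PAT rule plus a 1:1 manual rule for one host.
DMZ_PAT = NatRule("object dmz-net dynamic interface", 2, "dynamic",
                  "172.16.10.0/24", "outside interface")

def one_to_one(section):
    return NatRule("manual static dmz-host", section, "static",
                   "172.16.10.5/32", "203.0.113.5")

WITH_AFTER_AUTO = [one_to_one(3), DMZ_PAT]   # manual rule pushed to section 3
WITHOUT_KEYWORD = [one_to_one(1), DMZ_PAT]   # manual rule in default section 1

if __name__ == "__main__":
    for label, table in (("after-auto", WITH_AFTER_AUTO), ("default", WITHOUT_KEYWORD)):
        hit = first_match(table, "172.16.10.5")
        print(f"{label:10s} -> {hit.name} (mapped to {hit.mapped})")
```

On a real ASA, the evaluated order and per-rule hit counts can be checked with show nat.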