ASA5505 Novice. Setting up Outside/Inside/and DMZ as Guest Network

Posted by GriffJ on Server Fault
Published on 2012-12-06T21:30:16Z

I need a little help in developing a config for our ASA5505. I'm an MCSA/MCITPAS but I don't have a lot of practical cisco experience.

Here is what I need help with: we currently have a PIX as our border gateway and, well, it's antiquated, and it only has a 50-user license, which means I'm constantly clearing local-host throughout the day as people complain. I discovered that the last IT person bought a couple of ASA5505s and they've been sitting in the back of a cupboard.

So far I've duplicated the configuration from the PIX to the ASA, but as I was going this far I thought I'd go further and remove another old Cisco router that was used only for the guest network; I know the ASA can do both jobs.

So I'm going to paste a scenario I wrote up with the actual IPs changed to protect the innocent.

...

Outside Network: 1.2.3.10 255.255.255.248 (we have a /29)
Inside Network: 10.10.36.0 255.255.252.0
DMZ Network: 192.168.15.0 255.255.255.0

Outside Network on e0/0
DMZ Network on e0/1
Inside Network on e0/2-7

DMZ Network has DHCPD Enabled.
DMZ DHCPD Pool is 192.168.15.50-192.168.15.250
DMZ Network needs to be able to see DNS on Inside Network at 10.10.37.11 and 10.10.37.12
DMZ Network needs to be able to access webmail on inside network at 10.10.37.15
DMZ Network needs to be able to access business website on inside network at 10.10.37.17
DMZ Network needs to be able to access the outside network (access to the internet).

Inside Network has NO DHCPD. (dhcp is handled by domain controller)
Inside Network needs to be able to see anything on the DMZ network.
Inside Network needs to be able to access the outside network (access to the internet).

There is some access-list stuff already, some static mapping already.

Maps external IPs from our ISP to our inside server IPs

 static (inside,outside) 1.2.3.11 10.10.37.15 netmask 255.255.255.255
 static (inside,outside) 1.2.3.12 10.10.37.17 netmask 255.255.255.255
 static (inside,outside) 1.2.3.13 10.10.37.20 netmask 255.255.255.255

Allows access to our Webserver/Mailserver/VPN from the Outside.

 access-list 108 permit tcp any host 1.2.3.11 eq https
 access-list 108 permit tcp any host 1.2.3.11 eq smtp
 access-list 108 permit tcp any host 1.2.3.11 eq 993
 access-list 108 permit tcp any host 1.2.3.11 eq 465
 access-list 108 permit tcp any host 1.2.3.12 eq www
 access-list 108 permit tcp any host 1.2.3.12 eq https
 access-list 108 permit tcp any host 1.2.3.13 eq pptp

Here is all the NAT and route stuff I have so far.

 global (outside) 1 interface
 global (outside) 2 1.2.3.11-1.2.3.14 netmask 255.255.255.248
 nat (inside) 1 0.0.0.0 0.0.0.0
 nat (dmz) 1 0.0.0.0 0.0.0.0

 route outside 0.0.0.0 0.0.0.0 1.2.3.9 1
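Below is an added example config that puts the scenario together end to end; it is not the poster's config and not an official Cisco example. It keeps the pre-8.3 `static`/`global`/`nat` syntax the post already uses. Assumptions, not taken from the post: the ASA's own addresses 10.10.36.1 and 192.168.15.1, the VLAN numbers (1 inside, 2 outside, 3 dmz), the ACL name `dmz_in`, the `access-group` line for ACL 108, and that "webmail" for guests means HTTPS to 10.10.37.15 (the post's ACL 108 allows https, smtp, 993 and 465 to that host from outside; add those to `dmz_in` if guest mail clients need them). The unused `global (outside) 2` pool, which also overlaps the static-mapped 1.2.3.11-1.2.3.13, is left out.

```cisco
! Added example, not the poster's configuration. ASA 5505, pre-8.3 NAT syntax.
! 10.10.36.1, 192.168.15.1, the VLAN numbers and the name dmz_in are assumptions.
!
! The 5505 is a switch: the physical ports are put into VLANs, and the
! VLAN interfaces carry the nameif/security-level/ip address.
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.36.1 255.255.252.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.2.3.10 255.255.255.248
!
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.15.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
! Ethernet0/2-0/7 stay in VLAN 1 (inside) by default; nothing to do for them.
!
! DHCP for the guest DMZ only, handing out the inside DNS servers.
dhcpd address 192.168.15.50-192.168.15.250 dmz
dhcpd dns 10.10.37.11 10.10.37.12 interface dmz
dhcpd enable dmz
!
! Everything from inside or dmz that leaves toward the Internet is PATed to
! the outside interface address (same as the post).
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
!
! Identity NAT between inside and dmz: addresses are not rewritten, so inside
! hosts are reachable from the DMZ under their real addresses, and inside
! (security 100) can initiate to dmz (security 50) without any ACL.
static (inside,dmz) 10.10.36.0 10.10.36.0 netmask 255.255.252.0
!
! The post's static (inside,outside) entries and access-list 108 stay as they
! are; 108 is applied inbound on outside (assumed to be present already).
access-group 108 in interface outside
!
! Guest policy, evaluated top down on traffic entering from the DMZ:
! DNS (UDP and TCP) to the two inside resolvers, HTTPS to webmail, HTTP/HTTPS
! to the business website, then everything else on the inside /22 denied,
! then anything else (the Internet) permitted.
access-list dmz_in extended permit udp 192.168.15.0 255.255.255.0 host 10.10.37.11 eq domain
access-list dmz_in extended permit udp 192.168.15.0 255.255.255.0 host 10.10.37.12 eq domain
access-list dmz_in extended permit tcp 192.168.15.0 255.255.255.0 host 10.10.37.11 eq domain
access-list dmz_in extended permit tcp 192.168.15.0 255.255.255.0 host 10.10.37.12 eq domain
access-list dmz_in extended permit tcp 192.168.15.0 255.255.255.0 host 10.10.37.15 eq https
access-list dmz_in extended permit tcp 192.168.15.0 255.255.255.0 host 10.10.37.17 eq www
access-list dmz_in extended permit tcp 192.168.15.0 255.255.255.0 host 10.10.37.17 eq https
access-list dmz_in extended deny ip any 10.10.36.0 255.255.252.0
access-list dmz_in extended permit ip 192.168.15.0 255.255.255.0 any
access-group dmz_in in interface dmz
!
! Default route via the ISP gateway, as in the post.
route outside 0.0.0.0 0.0.0.0 1.2.3.9 1
```

Two things to check with `show version` before relying on this. First, the ASA 5505 also ships with a per-licence inside-host limit (10, 50 or unlimited), so a unit with a 10- or 50-host licence will reproduce the PIX problem described in the post. Second, the Base licence allows three VLANs only if the third one is configured with `no forward interface` toward one of the other two; because this scenario needs the DMZ to initiate connections to both inside (DNS, webmail) and outside, that restriction would break it, and the Security Plus licence removes it. Also note that the `deny`/`permit` order in `dmz_in` matters: the explicit deny for 10.10.36.0/22 must come before the final `permit ip ... any`, otherwise guests reach the whole inside network. Guests must resolve webmail and the website to the inside addresses for the `dmz_in` entries to match; if their DNS answers are the public 1.2.3.x addresses, a matching `static (inside,dmz)` for those addresses and corresponding ACL lines would be needed.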
