PIX: IPSec between overlapping subnets and "dns" keyword

Hi!

I'm trying to configure IPSec between two sites with overlapping
subnets 192.168.1.0/24. There is a requirement to configure both
inside and outside static NAT on the same PIX. Also, both local and
remote hosts in overlapping networks should be able to initiate
connections.

PIX1(config)# sh static
static (outside,inside) 192.168.2.0 192.168.1.0 dns netmask
255.255.255.0 0 0
static (inside,outside) 192.168.3.0 192.168.1.0 netmask 255.255.255.0
0 0

This setup works well if I ping remote host by IP address:

R4-192.168.1.4# ping 192.168.2.1

On the PIX:

PIX1(config)# sh xlate detail
2 in use, 7 most used
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
o - outside, r - portmap, s - static
NAT from outside:192.168.1.1 to inside:192.168.2.1 flags sD
NAT from inside:192.168.1.4 to outside:192.168.3.4 flags s

Unfortunately it doesn't work if I try to ping via hostname. The
problem is that DNS payload is *not* translated. The remote DNS server
192.168.1.254 answer is 192.168.1.1. It is *not* translated to
192.168.2.1 (note the "dns" keyword in the "static" above).

If I add the static route:

PIX1(config)# route outside 192.168.1.1 255.255.255.255 172.16.1.3

it starts working:

R4-192.168.1.4# ping r1.test

On the PIX:

PIX1(config)# sh xlate detail
3 in use, 7 most used
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
o - outside, r - portmap, s - static
NAT from outside:192.168.1.254 to inside:192.168.2.254 flags sD
NAT from outside:192.168.1.1 to inside:192.168.2.1 flags sD
NAT from inside:192.168.1.4 to outside:192.168.3.4 flags s

The DNS payload is translated, but the static route breaks local
connectivity, i.e. it is not possible now to have local inside host
192.168.1.1.

Could anybody shed some light on this and give me working example with
DNS payload translation? It seems that "dns" keyword is broken in
"static" command in all PIX OS versions 6.2 - 6.3(4).

Thx