
Help with PIX 6.2(1) interface access, ACL, and SSH


Hi Spiceworks community,

I'm not very proficient with older PIX 6.2(1) code and I have the following scenario for a customer, and was wondering if anyone could please help me. I have an interface to access the PIX device on 10.1.1.242, which is currently reachable from the 10.1.1.x network, but I need to get this configured for the 10.1.2.x network. I'm also trying to get SSH working correctly.

current interface/nameif config:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ_2_XYZ security50

current interface/IP config:

ip address outside 10.1.5.254 255.0.0.0
ip address inside 10.1.1.242 255.255.255.0
ip address DMZ_2_XYZ 10.1.11.2 255.255.255.248


current ACL config:

access-list DMZ_2_XYZ_access_IN permit ip any any
access-list DMZ_2_XYZ_access_IN permit icmp any any
access-group DMZ_2_XYZ_access_IN in interface DMZ_2_XYZ


Static config:

static (inside,DMZ_2_XYZ) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0

Current SSH config:

ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.2.0 255.255.255.0 inside
ssh 10.3.0.0 255.255.0.0 DMZ_2_XYZ

Current route statements:

route inside 10.1.4.0 255.255.255.0 10.1.1.254 1
route DMZ_2_XYZ 10.3.0.0 255.255.0.0 10.1.11.1 1

Now, from what I know, first of all this needs a static mapping:

static (inside,???) tcp interface 22 10.1.1.242 22 netmask 255.255.255.255

then this needs an ACL:

access-list CORP_SSH_ACCESS_IN permit tcp 10.1.2.0 255.255.255.0 host 10.1.1.242 eq 22

This is where I'm getting hung up:
a) the PIX doesn't know about the 10.1.2.x network
i. and does it need a route statement to get back to 10.1.2.x? My thoughts are yes, because it won't know how to return traffic
b) not sure which order to place the interfaces in the "static (X,Y)" area, since no interface is bound or connected to 10.1.2.x
c) I'm used to running the packet-tracer command on ASAs, so I'm trying to get a quick primer on the "capture" utility on PIX 6.2

d) I had the onsite engineer generate the RSA keys and save them, but he isn't getting access. I don't have access to the PIX yet, as he's in a meeting, so I've encouraged him to SSH with -v (verbose logging enabled) so we can get an idea as to where it's breaking down. But this is why I would like to run the "capture" utility to see if the SSH packets are even making it to the interface. He can telnet to the device from the 10.1.1.x network, but not SSH.


Any help is much appreciated!!!
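Added example (not Cisco's code or the poster's): a small Python check over the `ip address`, `ssh` and `route` lines quoted in the post. For a candidate management client it reports whether an `ssh` line admits that source on the interface it arrives on, and which connected or static route (longest prefix match) the PIX would use for the return traffic, which is the question in point a). It assumes only that the interface subnet counts as a connected route, as on any router.

```python
"""Check PIX ssh access and return routing for a client, using the post's config."""
import ipaddress

# Constructed from the configuration lines quoted in the post above.
PIX_CONFIG = """
ip address outside 10.1.5.254 255.0.0.0
ip address inside 10.1.1.242 255.255.255.0
ip address DMZ_2_XYZ 10.1.11.2 255.255.255.248
ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.2.0 255.255.255.0 inside
ssh 10.3.0.0 255.255.0.0 DMZ_2_XYZ
route inside 10.1.4.0 255.255.255.0 10.1.1.254 1
route DMZ_2_XYZ 10.3.0.0 255.255.0.0 10.1.11.1 1
"""


def parse_config(text):
    """Return (connected, ssh_rules, routes) as lists of (network, interface)."""
    connected, ssh_rules, routes = [], [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[:2] == ["ip", "address"]:
            # The interface's own subnet is a connected route on that interface.
            connected.append((ipaddress.ip_network(f"{parts[3]}/{parts[4]}", strict=False), parts[2]))
        elif parts[0] == "ssh" and len(parts) == 4:
            # ssh <net> <mask> <interface>: only clients in <net> arriving on <interface> may connect.
            ssh_rules.append((ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False), parts[3]))
        elif parts[0] == "route":
            # route <interface> <net> <mask> <gateway> <metric>
            routes.append((ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False), parts[1]))
    return connected, ssh_rules, routes


def check_ssh_client(client_ip, ingress_if, text=PIX_CONFIG):
    """Return (ssh_permitted, best_return_route) for a client arriving on ingress_if.

    best_return_route is (network, interface) for the longest-prefix connected or
    static route covering the client, or None when the PIX has no route back.
    """
    client = ipaddress.ip_address(client_ip)
    connected, ssh_rules, routes = parse_config(text)
    permitted = any(client in net and iface == ingress_if for net, iface in ssh_rules)
    matches = [(net, iface) for net, iface in connected + routes if client in net]
    best = max(matches, key=lambda m: m[0].prefixlen, default=None)
    return permitted, best


if __name__ == "__main__":
    for ip, iface in [("10.1.1.50", "inside"), ("10.1.2.50", "inside"), ("10.3.4.1", "DMZ_2_XYZ")]:
        ok, route = check_ssh_client(ip, iface)
        print(f"{ip} via {iface}: ssh {'allowed' if ok else 'denied'}, return route {route}")
```

With the masks as quoted, the check shows that 10.1.2.x is not covered by the inside /24 or any static route, so its longest match is the outside interface's 10.0.0.0/8, i.e. the return traffic would not go back out the inside interface as the SSH rule expects.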

