Hi Prashanth,
As far as I know, there is no difference between these 2 statements. If you give a netmask, it takes the subnet mask for the PAT range... but it will go out as port address translated... so it makes no sense...
Without Mask:
pixfirewall(config)# sh nat
NAT policies on Interface dmz:
match ip dmz 10.70.0.0 255.255.255.0 out any
dynamic translation to pool 2 (192.0.2.0 - 192.0.2.20)
translate_hits = 0, untranslate_hits = 0
match ip dmz 10.70.0.0 255.255.255.0 dmz any
dynamic translation to pool 2 (No matching global)
translate_hits = 0, untranslate_hits = 0
With Mask:
pixfirewall(config)# sh nat
NAT policies on Interface dmz:
match ip dmz 10.70.0.0 255.255.255.0 out any
dynamic translation to pool 2 (192.0.2.0 - 192.0.2.20)
translate_hits = 0, untranslate_hits = 0
match ip dmz 10.70.0.0 255.255.255.0 dmz any
dynamic translation to pool 2 (No matching global)
translate_hits = 0, untranslate_hits = 0
pixfirewall(config)#
Regards
Karthik