12-20-2004 09:19 AM - edited 02-20-2020 11:49 PM
I am going to be doing an install for a client that has been assigned 3 class C address spaces from their provider.
Here they are.
216.82.64.0/24
216.82.65.0/24
216.82.68.0/24
I know I can assign the 1st 2 with a /23 subnet assignment, but the 3rd range is a problem for me. Is there a way I can assign that space as a secondary IP set on the PIX? If so... I could use some syntax help for this. And NO, the ISP could not give me 3 subnets in a row...
Thanks!
12-20-2004 04:45 PM
Hi,
No, you can't assign a secondary IP on the PIX, but you can still use all 3 subnets on the PIX, using nat/global or static commands. With proper routing in place, you can only assign one subnet to the interface and have the other two used for other purposes, etc.
I hope you got the idea!
Regards,
Nadeem
12-20-2004 05:32 PM
So I could have it set where the PIX outside interface is the 2 host (the 1st would be the ISP)
I understand how to make the traffic flow from that point...but what about the 3rd Class C? Can I still assign it as a global static address and it will be able to pass traffic?
Humm...
Thanks!!!
Eric
12-20-2004 06:09 PM
So you assign 16.82.64.0/24 to outside; in that case you need to put some hosts on the outside segment to utilize the public IP addresses, or you can further subnet this network to two hosts, then use the other addresses for public. Example config like this:
outside address 16.82.64.1/30 where the ISP router IP will be 16.82.64.2
then you use
nat/global and static statements and place your hosts on the inside network or on the DMZ network.
Thanks
Nadeem
12-20-2004 06:42 PM
First off, thank you again for helping...it has been huge for me.
If the 3 class C spaces were "in a row" I could make perfect sense of this. It's that 3rd class C that is throwing me off.
Here they are again...
216.82.64.0/24
216.82.65.0/24
216.82.68.0/24
I know I can group 216.82.64.0 and 216.82.65.0 into a /23 mask but the third is 216.82.68.0/24.
I know it's probably against the rules, but could I get the PIX to see this entire space on a /21 which would cover from 216.82.64.0 - 216.82.71.0. Even though not all of those addresses are not routed to me, it seems like it could work. I don't seem to understand how I can get to my next hop from within the firewall on the 216.82.68.0 network.
For instance, I will have static mappings on all 3 addresses:
static (inside,outside) 216.82.64.12 192.168.64.12 netmask 255.255.255.255 0 0
static (inside,outside) 216.82.65.110 192.168.65.110 netmask 255.255.255.255 0 0
static (inside,outside) 216.82.68.220 192.168.68.220 netmask 255.255.255.255 0 0
How does the 216.82.68.220 global address route back out? Maybe I don't understand what route statements I need.
Thanks again!!
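
The prefix arithmetic behind this thread, as an added example that is not from any poster: it computes the exact aggregates of the three assigned blocks, lists what a /21 mask would claim beyond them, and labels each static global address as on-link or dependent on the ISP routing its block to the firewall. The outside interface network `216.82.64.0/23` used at the bottom is an assumption for illustration.

```python
import ipaddress

# Blocks and static global addresses exactly as posted in the thread.
ASSIGNED = [ipaddress.ip_network(n) for n in
            ("216.82.64.0/24", "216.82.65.0/24", "216.82.68.0/24")]
STATIC_GLOBALS = ["216.82.64.12", "216.82.65.110", "216.82.68.220"]


def aggregate(blocks):
    """Merge blocks into the fewest prefixes that cover them exactly."""
    return list(ipaddress.collapse_addresses(blocks))


def overclaimed(supernet, blocks):
    """/24s inside `supernet` that were never assigned to the client."""
    net = ipaddress.ip_network(supernet)
    return [s for s in net.subnets(new_prefix=24)
            if not any(s.subnet_of(b) for b in blocks)]


def classify(outside_net, addrs, blocks):
    """Label each global address relative to the outside interface network.

    on-link    : inside the interface network, reached by ARP on the segment
    routed     : assigned, but the ISP must route the block to the firewall
    unassigned : not in any block the ISP handed out
    """
    outside = ipaddress.ip_network(outside_net)
    result = {}
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip in outside:
            result[a] = "on-link"
        elif any(ip in b for b in blocks):
            result[a] = "routed"
        else:
            result[a] = "unassigned"
    return result


if __name__ == "__main__":
    print("exact aggregates:", [str(n) for n in aggregate(ASSIGNED)])
    print("a /21 would also claim:",
          [str(n) for n in overclaimed("216.82.64.0/21", ASSIGNED)])
    # Assumption: the outside interface is numbered from the /23.
    for addr, kind in classify("216.82.64.0/23", STATIC_GLOBALS, ASSIGNED).items():
        print(addr, kind)
```

With a /21 on the interface, the five unassigned /24s would be treated as directly connected, so traffic to their real owners would be ARPed for on the outside segment instead of being sent to the ISP router.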