I have a PIX 515 that I am using to seperate trusted and non-trusted devices on my WAN/LAN. ( There is no internet connection) The outside I/F is used to connect 7 remote sites using IP network numbers between 192.168.50.0 and 192.168.56.0 The outside devices only access a server on the DMZ 192.168.108.2. Until now no address translation was required. I now have to connect another network 172.16.0.0 which I need to translate as it conflicts with addresses used on the inside i/f. The managed WAN provider will not NAT on the routers. I cannot use dynamic nat as I am going from a lower trust I/F to a higher trust I/F. Can I put in static command that looks something like
static (dmz,outside) 172.16.0.0 192.168.45.5
Will this only translate incoming packets from the 172.16.0.0 networks and leave the 192.168.50.0 alone or will it cause problems. The PIX is used pretty much 24 x 7 so i need to be pretty sure of the change before I implment it
Thanks