I have a Cisco 515e running 7.0(1) and one problem with the config of my NATs on my PIX is that the inside interface is not NATed. Rather just the subnet of my internal network. So when I try to add a NAT rule for a single host on that subnet I get: "This static port mapping rule is overlapping with a dynamic address translation rule for X.X.X.X/255.255.252.0 using global pool 1. Do you wish to proceed?" I suppose i could proceed without issue? In the end I would like to replace the subnet NAT using the inside interface, so that I don't receive this message every time i set up a static NAT. But i do not want to compromise breaking my security policies. Is it possible to insert the inside interface NAT and then remove the subnet NAT without breaking my Security Policies and causing too much disruption?