Firewall NAT

Bruce Summers
Level 1

I'm trying to do some NATting. My intention is to NAT a public address-space subnet (10.1.1.0/25) to a single address on my private network (192.168.1.10/32).

The intent is to get the servers in the private subnet (VLAN'd) to respond to ANY server in the public subnet on the NATted 192 address.

I'm thinking I can do this with the following config:

static (outside,inside) <10.1.1.0> <192.168.1.10> netmask 255.255.255.255

But I'm not sure that it will NAT ANY address in the 10.1.1.0/25 subnet.

Any insight would be helpful...

thanks.

Bruce

7 Replies

Collin Clark
VIP Alumni

If I understand your requirements correctly, it is not possible. How would the NAT address know what IP to go to on the inside?

The source subnet (VLAN) is directly connected to the firewall, as is the destination subnet (VLAN). I'm thinking, for example:

Server A (10.1.1.7) sends a packet destined for the 192.168.1.0 network; it gets NAT'd to 192.168.1.10,

a route on the firewall to the 192 subnet (also a connected VLAN) routes the traffic to the interface for the 192 address space.

No?

So are you looking to not NAT? If 10.1.1.7 sends a message to 192.168.1.10, it does not need to NAT. There is no translation between the subnets. If you wanted to NAT, let's use the subnet of 172.16.1.0/24: the 10.1.1.7 server would message 172.16.1.10, which in turn would be NAT'd to 192.168.1.10. Hope that makes sense.

hmmm...

The intent is to get the 10.1.1.7 (and any other server in that /25 subnet) to the 192.168.1.0/24 to give the appearance that all traffic from the 10.1.1.7 is being sourced as 192.168.1.10...

Does that make better sense? Maybe I didn't explain it correctly.

Sorry, after rereading this, I needed to clarify.

"to give the appearance that all traffic from the 10.1.1.0/25 is being sourced as host address 192.168.1.10"

I'm not even sure that it can be done...

I want the hosts in the 192.168.1.0/24 to ALWAYS talk back to 192.168.212.10, which NATs to ANY 10.1.1.0/25...

Does that make sense?

I think this is your traffic flow:

Outside (10.1.1.0/25) -> Inside (192.168.212.10)

But Inside sees Outside network as 192.168.1.0. Am I correct?

If yes, then you can do policy NAT

access-list NET10-1-1-0 extended permit ip 10.1.1.0 255.255.255.128 host 192.168.212.10

static (outside,inside) 192.168.1.0 access-list NET10-1-1-0

But the 192.168.1.0 will not be a /24; it will match the source on the ACL, so it will be a /25.

HTH,

jerry

We got it...

We set the following:

global 1 interface

nat 1 access-list

BAM, worked like a champ...

Thanks for all the responses.
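For reference, here is a complete version of the approach the thread settled on (dynamic policy NAT with a single mapped address, plus the interface ACL that Jerry's static policy NAT and the final `nat`/`global` pair both still need). This is an added example written for this page, not the poster's running config: the interface names `outside`/`inside`, the ACL names, the port 443 and the choice to PAT to 192.168.1.10 rather than to the interface address are all assumptions. The syntax is the pre-8.3 ASA/PIX `nat`/`global`/`static` form used throughout the thread; 8.3 and later use object NAT instead.

```cisco
! Added example (not the thread's own config), ASA/PIX pre-8.3 syntax.
! Assumed: "outside" is the low-security interface holding 10.1.1.0/25,
! "inside" is the high-security interface holding 192.168.212.10.
! Goal: every 10.1.1.x client talking to 192.168.212.10 appears as 192.168.1.10.

! 1. Match only the flows that should be translated: the /25 source, one inside host.
access-list NAT-10-1-1-0 extended permit ip 10.1.1.0 255.255.255.128 host 192.168.212.10

! 2. Dynamic policy NAT on the lower-security interface. The trailing "outside"
!    keyword is required for a nat statement on a lower-security interface
!    (outside NAT); without it the rule is never applied to this direction.
nat (outside) 1 access-list NAT-10-1-1-0 outside

! 3. Mapped pool on the inside interface: a single host address, so all 10.1.1.x
!    sources become 192.168.1.10 and are distinguished only by translated port (PAT).
!    The thread used "global (inside) 1 interface" instead, which PATs to the
!    inside interface's own address rather than to 192.168.1.10.
global (inside) 1 192.168.1.10 netmask 255.255.255.255

! 4. Outside-to-inside traffic must also be permitted by the outside interface ACL
!    (lower- to higher-security flows are denied by default). Keep it as narrow as
!    the NAT policy. Port 443 is an assumed example. Pre-8.3 interface ACLs
!    reference the inside host's mapped address; it is untranslated here, so its
!    real address is used.
access-list OUTSIDE-IN extended permit tcp 10.1.1.0 255.255.255.128 host 192.168.212.10 eq 443
access-group OUTSIDE-IN in interface outside

! 5. Verify after a client connects: expect 10.1.1.x:port -> 192.168.1.10:port entries.
!    show xlate
```

One consequence to plan for before deploying this: once every client is PATed to one address, the servers in 192.168.x see every 10.1.1.x host as 192.168.1.10, so their own access and application logs lose client attribution. The only record tying a server-side connection back to the real 10.1.1.x source is the firewall's translation and connection log (syslog 305011 for dynamic translation build, 302013 for TCP connection build), so ship those to your log collector and keep the ACL in step 4 restricted to the ports the servers actually expose.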
