Ok so I have 5 static IP addresses now and here is what I want to try but I'm not sure it will work this way, need suggestions. I am going to simplify it with only 2 of the IP's in use for this example
interface FastEthernet0/0
description $ETH-WAN$$FW_OUTSIDE$
ip address x.x.x.1 255.255.255.248
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
no cdp enable
no mop enabled
interface FastEthernet0/1
description $ETH-LAN$$FW_INSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.10.1 255.255.255.0
ip access-group 110 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip inspect SDM_LOW in
ip virtual-reassembly
!
interface FastEthernet0/1.2
description VLAN 2
encapsulation dot1Q 2 native
ip address 192.168.10.1 255.255.255.0
ip access-group 120 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
!
ip nat inside source static 192.168.11.1 x.x.x.2
If I static nat the second IP to the VLAN2 interface will I still be able to apply Zone based FW and ACLs?