I have a couple of hundred users accessing the outside via:
global (outside) 1 188.8.131.52-184.108.40.206 netmask 255.255.255.224
global (outside) 1 220.127.116.11 netmask 255.255.255.224
It seems that the first people that connect after a restart grab the NAT addresses and everyone else gets the PAT. It there a reason that I shouldn't give most of the registered IP's back to the ISP and just keep a smaller group? My ISP appears to be holding any PTR changes hostage until I relinquish some addresses. At issue is that my PTR is set to one of the IP's in the middle of the NAT group. Each time the firewall is reset, the mail server locks into a different outside address which causes reverse DNS to fail. Can I force the mail server to a particular address (the one the PTR is set to)?