Yes, the 220.127.116.11/25 should work fine. You obviously lose some addressing but if you have enough it should be okay.
The 18.104.22.168 might be problematic. You won't have an interface on the pix in that range so it's not useable. What you could do is use subinterfaces on your pix inside interface (dot1q) trunking, create 2 logical interfaces and then use those.
How many addresses do you need for the inside and do you have any routers on the inside ?
This is for "fixing" an cut over of ISP providers and they can only bring one of their two I class c addresses. currently they are a flat internal network with no routers today and so that makes the dot1q a problem. They need to have as much of the class C available on the inside and they have to have the outside .2 address available because they do a lot of ezvpn connections.
Okay, dot1q does not require a router though. You just need a 802.1q capable switch and you can use subinterfaces on the pix to use more of the /24 subnet range internally but you would need to modify subnet masks on the internal machines.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...