phillips,The method that you are suggesting should work.if you have a static translation of a host in the dmz with the public address belonging to the inside..it does not matter because the firewall will be loooking for a route to the 10.x.x.x IP and...