"Because I am using a private range, I need to address a packet from a private IP address and to internet / from internet to a private ip address. Which would not work. Because 1700 would not do nat"
You are correct. I will setup access lists and the IP Inspect on the router. Should I just disable NAT, or would the NAT with the no random keyword be better? As it is now, I have NAT on both, with the web server and email server setup with a static statement using the same address for the inside and outside addresses (so it translates the inside address to the inside address going out), then put a route statement on the router telling it to send anything for the internal network address to the PIX. It works, but I feel it is clumsy and possibly dangerous. Thank you all for the help so far! This forum is great!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74253&t=74141 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html