Here's a puzzler for you: "Their" 192.168.10.0/24 Network | "Their" Default gateway | "Their" VPN 3030 Concentrator running PAT w/ external interface 2.2.2.2 (Reference Point A) | Another default gateway leading to... | The Internet | "My" gateway router | "My" VPN box | "My" internal router possibly running NAT (Reference Point B) | "My" 172.16.0.0/14 network The VPN boxes are up and running and have a tunnel established. Okay, so at Ref. Point A, we're running PAT on the VPN box to hide the 192.168.10/24 network. Fine and dandy. For some reason, management has said that all source addresses coming into "my" network must be 172-based addresses rather than the 2.2.2.2 address. So they want to know if at Ref. Point B if I can run another NAT session which translates the 2.2.2.2:Port addresses into 172.16.0.0/14 addresses. I would think this wouldn't be possible, because I know of no NAT command which allows you to specify the outside local addresses as being PATted addresses. Is there such a command? Thanks. BJ P.S. Someday, "their" 192.168.10/24 network will be renumbered. This is just an interim configuration. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18418&t=18418 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]