Randy, one possible way to do this is with Static/Dynamic NAT. You will need to use at least a /29 address from your provider to do this. Use a pool to NAT overload with and define a static NAT for your internet based services..
!!! first and last valid IP to nat with ip nat pool nat-pool 216.18.31.x 216.18.31.x prefix-length 24 !!! Define the pool to overload with ip nat inside source route-map nat-map pool nat-pool overload !! Define the inside and ouside address to stay static ip nat inside source static 192.168.200.1 216.18.31.200 route-map nat-map permit 10 !! Route-maps use less CPU match ip address 10 !! referes to access list 10 !! Deny your static address translation access-list 10 deny x.x.x.x x.x.x.x access-list 10 permit x.x.x.x x.x.x.x !! Permit the rest Hope this helps Mark CCNP,CCNA,CCDA,CNE,MCSE (CCIE to Be) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35071&t=35032 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]