One of the recent posts on EE that came up was from a user who wanted a scenario wherein he has multiple subnets in his network and wants to do unique PAT for each of those networks when they exit for internet access.
Say, for example, SubnetA is 10.10.10.0/24, SubnetB is 10.10.20.0/24, and I have two public IP addresses (PublicIPA, PublicIPB); I could do the PAT for each individual network. This gives the granularity of auditing based on the exit public IP address. So here is what I think can be done.
If this is done on a PIX Firewall:
global (outside) 1 PublicIPA
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 2 PublicIPB
nat (inside) 2 10.10.20.0 255.255.255.0
Each nat/global pair must share its own NAT ID (1 for SubnetA, 2 for SubnetB). If both pairs used ID 1, both subnets would draw from the same pool of global addresses and the per-subnet mapping that makes the audit trail useful would be lost.
If this has to be done on a Cisco router:
ip nat pool SubnetA PublicIPA PublicIPA netmask 255.255.255.255
ip nat inside source list 1 pool SubnetA overload
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat pool SubnetB PublicIPB PublicIPB netmask 255.255.255.255
ip nat inside source list 2 pool SubnetB overload
access-list 2 permit 10.10.20.0 0.0.0.255
int <Internal_Int>
ip nat inside
int <External_Int>
ip nat outside
Cool.
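To make the subnet-to-public-IP mapping easy to reproduce and audit, here is an added Python example (not part of the original post) that generates both the PIX and IOS forms from one table, refuses overlapping subnets or a reused public address (either of which would collapse the per-subnet audit trail), and resolves an exit address seen in an external log back to its source subnet. The addresses are constructed placeholders from the documentation range; the pool and ACL names are my own choice.

```python
import ipaddress

# Constructed mapping (hypothetical addresses): internal subnet -> dedicated public PAT address.
PAT_MAP = {
    "10.10.10.0/24": "203.0.113.1",   # stands in for PublicIPA
    "10.10.20.0/24": "203.0.113.2",   # stands in for PublicIPB
}


def validate(pat_map):
    """Reject overlapping subnets and reused public addresses; either breaks the 1:1 audit mapping."""
    nets = [ipaddress.ip_network(s) for s in pat_map]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping subnets {a} and {b}: PAT selection would be ambiguous")
    pubs = list(pat_map.values())
    if len(set(pubs)) != len(pubs):
        raise ValueError("public address reused: exit IP would no longer identify the source subnet")
    return True


def pix_config(pat_map):
    """Emit one nat/global pair per subnet, each with its own NAT ID."""
    lines = []
    for nat_id, (subnet, pub) in enumerate(pat_map.items(), start=1):
        net = ipaddress.ip_network(subnet)
        lines.append(f"global (outside) {nat_id} {pub}")
        lines.append(f"nat (inside) {nat_id} {net.network_address} {net.netmask}")
    return lines


def ios_config(pat_map):
    """Emit a single-address pool, a standard ACL (wildcard mask) and an overload rule per subnet."""
    lines = []
    for n, (subnet, pub) in enumerate(pat_map.items(), start=1):
        net = ipaddress.ip_network(subnet)
        pool = f"POOL{n}"
        lines.append(f"ip nat pool {pool} {pub} {pub} netmask 255.255.255.255")
        lines.append(f"access-list {n} permit {net.network_address} {net.hostmask}")
        lines.append(f"ip nat inside source list {n} pool {pool} overload")
    return lines


def source_subnet(pat_map, exit_ip):
    """Audit helper: map a public exit address observed in an external log back to the inside subnet."""
    for subnet, pub in pat_map.items():
        if ipaddress.ip_address(pub) == ipaddress.ip_address(exit_ip):
            return subnet
    return None
```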
