Hi all,

I am considering replacing my Cisco ASA 5505 with a PA-220. My situation is as follows:

The external interface is part of a trunk where internet connectivity is delivered on a specific VLAN.

The IP address on the external interface is assigned by DHCP, which unfortunately is mandatory.

A public /29 subnet is routed to that DHCP-assigned IP address.

This /29 subnet is part of a different subnet than the DHCP-assigned IP address.

I am able to use the /29 subnet to publish internal servers with private IP addresses to the internet, where it doesn't matter in which internal private subnet these machines are located (DMZ, LAN). As soon as the ASA has a NAT rule and a security rule, it will happily start forwarding packets to the published server. There is no need to assign any of the /29 IP addresses to any interfaces. For ease of management I just create an object for each IP address (x.x.x.x/32) and use it in the NAT rules.

Before I buy a PA-220 I need to know if it can do this as well. So far, studying the documentation and knowledge base, I figured out that 1 and 2 should be no problem. But I cannot find anything on 3 and 4.

So the big question is: can the PA-220 do 3 and 4? If yes, how?

Regards,
Han.