Hello NG, I'm in the process of changing ISPs and I'm configuring a PIX 501 to use as a backup firewall while our DNS entries change. So our main firewall will be configured with the new ISP's public IP address, and the PIX will be assigned our existing ISP's public IP address. Internal addresses will be 192.168.1.254 and 192.168.1.253 respectively. The main reason for this is so we can receive incoming SMTP through our old ISP while the DNS records get updated, and I've already configured a port mapping on the PIX to forward SMTP traffic to our internal mail server. However, as the default gateway of the mail server is not the PIX, this is not working properly. I think the only way this can be quickly fixed is if the inbound traffic is NAT'ed onto the PIX internal IP address, but I'm not sure how to do this. So I want all traffic arriving on the PIX public interface, port 25, to be forwarded to our internal mail server and the source address NAT'ed to the PIX private interface. So reply packets will go to the PIX (and then back out through the public interface), as opposed to them being "lost" by going to the default gateway, which will have no knowledge of this traffic. Is there a way to do this, and if so, how? Alex