The thing I found while trying this is that you have to manually add ARP entries for the mapped systems on the NAT system. I got so frustrated by trying to use NAT that I renumbered and got rid of the private address space entirely. My experience confirmed everything I wrote in RFC 1627. NAT is Evil. Erik