
How to select certain traffic for NAT on a PIX?

17 years 7 months ago #17451 by eeee
Hi all,

I have a PIX 525 and it is on IOS 701. I have allowed all traffic to bypass the PIX for outbound traffic. I want to add a new network behind the PIX, using the same inside interface for outbound connections, but I would like to use NAT just for this network for outbound traffic.

How can I do this selection for NAT?

Regards,

e
17 years 7 months ago #17462 by Smurf

I have allowed all traffic to bypass PIX for outbound traffic.


I'm afraid I don't fully understand your question; the above statement seems a little odd. Why would you have a PIX in place and then want to bypass it?

Anyhow, here is what I think you need to know.

If you have configured something like this in your PIX config:

[code:1]global (outside) 1 interface[/code:1]

This sets up a NAT-translated IP address for your NATting. This will basically use PAT because it is picking the IP address that is bound to the outside interface. If you have a full subnet from your ISP, you may have actually selected a pool of NAT addresses, like the following:

[code:1]global (outside) 1 192.168.0.1 - 192.168.0.100[/code:1]

What that will do is set up a direct IP-to-IP NAT translation for the first 99 clients that connect; the rest will use PAT on the last address, 192.168.0.100.

Finally, you need to select the addresses that will use this global NAT statement; this is the bit you need...

If you have configured a new subnet, say 10.10.10.0/24, in your inside network which routes through the inside interface to get to the internet, you configure your PIX like this to let just that subnet NAT through:

[code:1]nat (inside) 1 10.10.10.0 255.255.255.0[/code:1]

The number 1 just links the two statements. If you had a DMZ off the PIX on an interface called dmz with a subnet of 172.16.0.0/24 and you wanted that to also translate, you would configure the following nat statement:

[code:1]nat (dmz) 1 172.16.0.0 255.255.255.0 [/code:1]

See how we have also linked this statement to the global pool of addresses to NAT against by selecting the number 1.

Hope it helps you.

Wayne

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
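Putting the two halves of the thread together, here is a complete PIX 7.0 configuration fragment that keeps the existing inside network untranslated and applies PAT only to the new subnet. This is an added example, not Wayne's or the original poster's configuration: the addresses (192.168.1.0/24 for the existing network, 10.10.10.0/24 for the new one) and the ACL name NO_NAT are assumptions chosen for illustration.

```cisco
! Added example, not from the original post. Assumed addressing:
!   existing inside network 192.168.1.0/24  - must keep passing without NAT
!   new inside network      10.10.10.0/24   - must be PATed to the outside address
! Both networks sit behind the same "inside" interface.
!
! 1. NAT exemption for the existing network. "nat 0 access-list" (NAT exemption)
!    is evaluated before any numbered nat statement, so only traffic matching
!    this ACL escapes translation; everything else falls through to step 2.
access-list NO_NAT extended permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 0 access-list NO_NAT
!
! 2. Ordinary NAT for the new network only. The id 1 ties the nat statement
!    to the global pool below; using "interface" as the pool means PAT on the
!    outside interface address.
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface
!
! 3. Any other inside host matches neither statement. Whether it is dropped or
!    passed untranslated depends on nat-control (enabled by default when a
!    6.x config is upgraded to 7.0), so check the mode before relying on it:
!   show running-config | include nat-control
```

To verify, generate outbound traffic from both networks and run `show xlate`: only 10.10.10.x hosts should appear in the translation table. Two caveats a practitioner should keep in mind: NAT exemption is bidirectional, so hosts on the outside can initiate connections to 192.168.1.0/24 addresses if the outside interface's access-list permits them, which is a larger exposure than ordinary dynamic NAT; and the exempted network must be routable from the outside, since its packets leave the PIX with their real source addresses.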