. You can use one range on the inside and use address translation from outside to inside. For the natting there are two easy ways (VIP/MIP) and a difficult way (destination nat in the policy). Let's focus on the first two.
A VIP is one way translation from untrust to trust. You can define a VIP (on the untrust interface) on the interface address or on a seperate address. After that you configure a service on the VIP. This service you map to a trusted address. It's like portforwarding on many cheap routers work, Just translating the address doesn't allow the traffic. You need to configure a policy as well. From unrust to trust any VIP(IPadress_of the vip) HTTP by example. any beining source, VIP(IP) the destination HTTP the service.
Address translation only occurs from untrust to trust, not the other way around. so when the host start a session the default natting is use: source is translated to the IP of the untrust interface.
The MIP on the other hand allways gets an IP address other than the interface. It's a one on one mapping. All traffic ditrected to the MIP is translated to the host address you configures for the MIP. You also configure it on the untrust interface. Again you need a policy, but the destinaion is MIP(IP_OF_MIP) now instead of VIP. The big difference is that when the host initates a session the source address will be translated to the MIP address, not the interface IP. This is very usefull when you want a SMTP server running on another address then the interface IP adress.
VIP: unidirectional natting
MIP: Bi-directional natting.
You can find a lot of configurration examples here: http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/ce_v8.pdf
Hope this helps a litle more. I've been rather busy, so you had to wait a while for my reply, sorry.