Hi,
I describe more detailed my situation.
untrust zone (IP 1.1.1.1/29) <> trust zone1 2.2.2.0/28, trust zone2 3.3.3.0/28, trust zone3 4.4.4.0/27 etc ...
my new subnet have ext 5.5.5.0/28 and int 172.16.16.0/24 there are about 500 websites and all connections to databases servers connects internaly - thats why I can not change IP addreses for servers.
I can create trust zone5 with IP 5.5.5.0/28, but what is the best way to NAT it?
I know how to create VIP, MIP, DIP, but as I understand it is not the way how to do it in this case.
I have no experience with policy nat, but if it helps I can learn it.
Thanks.