Interface Network Address Translation Using DIPs
A dynamic IP (DIP) pool is a range of IP addresses. The security device can dynamically or deterministically use these IP addresses when performing network address translation on the source IP address (NAT-src) in IP packet headers.
If the range of addresses in a DIP pool is in the same subnet as the interface IP address, the pool must exclude the interface IP address, router IP addresses, and any mapped IP (MIP) or virtual IP (VIP) addresses that might also be in that subnet.
If the range of addresses is in the subnet of an extended interface, the pool must exclude the extended interface IP address.
You can assign DIP pools to physical interfaces and subinterfaces for network and VPN traffic, and tunnel interfaces for VPN tunnels only.
Dip pools can now be defined on VLAN interface when the device running on ScreenOS 6.2 is in Transparent mode.