I have a client that has an internal subnet that is the same as Microsoft's public range (it was orginally setup that way). I know the ultimate solution is re-address the subnet to a private range. That is going to happen eventually but it the interim, I need to setup something so they can access Microsoft web sites. The interal addressing is 131.107.2.x/16. Any thoughts on this?