I have everything working now
castellansolutions: is right about adding a network CIDR subnet to the WAN interface but no NAT rule is needed "I was expecting to need a NAT rule"
Now here is a question, of all the CIDR IP's that went to the proper web servers. No other ip's in the CIDR block worked. Just 1"virtual ip" I know the firewall rules were correct.
(by the way they gave us a wrong CIDR block at the cutover. I made 10 DNS changes. And after COX discovered it was the wrong block a day later, they gave us a new block after my client had some words with them) and I had to change the DNS again, and all my address objects.
I worked quite a while on making sure every thing was right on my end.
So here is the question one of the CIDR ip's worked as it should have, sending mail and OWA to our exchange server. But none of the other in the block worked.
Monday morning 7:30 I call COX after being up all night.They escalate and without me changing anything on my end in 20 min, everything works 5 web sites that were not accessible even via IP now work by DNS, VPN works... everything is good.
What did they do? Arp issue on a router? modem?
Any ideas what COX did? They are playing dumb.