Tue Dec 18, 2012 11:29 am
I can't imagine that Zyxel magically over-rides the client's DHCP mode; they must be doing some sort of (symmetric) NAT on such devices. This is more or less what I was talking about in the second paragraph - it's certainly possible to do this.
I suspect you may have to run some scripts to get this to work precisely as you wish it to (which I can't help you with, but you'd have to record the client's IP, then use that to build your NAT rules dynamically, which I suspect will be tricky).
It will be much easier if you don't want symmetric NAT (i.e. 1 of your addresses to 1 client address); if you tell the SRC NAT rule on your client-facing interface(s) to masquerade or src-nat <any IP that isn't one of yours> (address lists is usually the most flexible way), this should achieve similar functionality to what I suspect the Zyxels are doing. Incoming (dst-nat) rules will be rather more tricky and require you to know that address the end user is using. That said, routing could get extremely ugly, and I would suggest you tell clients they really ought to be using DHCP.
Good luck!