https://community.cisco.com/t5/network-security/nat-help/m-p/3306087#M1003247 <P>Hi elite,</P> <P>&nbsp;</P> <P>You need to add "host 192.168.2.10" under your object. Please check below for a sample config.</P> <P>object network 192.168.2.10</P> <P>host 192.168.2.10</P> <P>nat (Inside,Outside) static 2.2.2.2</P> <P>&nbsp;</P> <P>Now, your host 192.168.2.10 is accessible from the Internet by using public IP 2.2.2.2 based on your outside interface ACL and when this host will go to the Internet it always has source IP 2.2.2.2 instead of 2.2.2.3 because the above NAT has higher preference over the after-auto NAT.</P> <P>&nbsp;</P> <P>On the other hand, all other hosts from the same subnet will use 2.2.2.3 as the source while going to the Internet due to PAT.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 04 Jan 2018 14:55:50 GMT Spooster IT Services 2018-01-04T14:55:50Z https://community.cisco.com/t5/network-security/nat-help/m-p/3305384#M1003244 <P>Hi,</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>In 192.168.2.10&nbsp; enabled http and https . If source is&nbsp; is the server (Server accessing hosts outside ),I want to show the source ip is 2.2.2.2 .</P> <P>&nbsp;</P> <P><SPAN>object network 192.168.2.10</SPAN></P> <P><SPAN>nat (Inside,Outside) static 2.2.2.2</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>nat (Inside,Outside) after-auto source dynamic 192.168.2.10&nbsp; 2.2.2.2</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>This is possible ?</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>the below configuration works</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P>object network 192.168.2.10</P> <P>nat (Inside,Outside) static 2.2.2.2</P> <P>&nbsp;</P> <P>nat (Inside,Outside) after-auto source dynamic 192.168.2.10&nbsp; 2.2.2.1</P> <P><SPAN>Thanks&nbsp;</SPAN></P> Fri, 21 Feb 2020 15:03:46 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/3305384#M1003244 elite2010 2020-02-21T15:03:46Z https://community.cisco.com/t5/network-security/nat-help/m-p/3305508#M1003245 <P>Hi Elite,</P> <P>&nbsp;</P> <P>If you have configured the following static NAT then there is no need to configure PAT for the same server/IP.</P> <P><BR />object network 192.168.2.10</P> <P>nat (Inside,Outside) static 2.2.2.2</P> <P>&nbsp;</P> <P>If 192.168.2.10 accessing outside host then it will always be having the source IP address 2.2.2.2</P> Wed, 03 Jan 2018 18:38:40 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/3305508#M1003245 Spooster IT Services 2018-01-03T18:38:40Z https://community.cisco.com/t5/network-security/nat-help/m-p/3305721#M1003246 <P>Hi,</P> <P>Not all machine in the network 192.168.2.0 have static NAT .&nbsp;</P> <P>So I have added pat like below&nbsp;</P> <P>nat (Inside,Outside) after-auto source dynamic 192.168.2.0 2.2.2.3</P> <P>So whenever&nbsp; traffic is going from any host in the network 192.168.2.0 , it shows 2.2.2.3 .</P> <P>&nbsp;</P> <P>object network 192.168.2.10</P> <P>nat (Inside,Outside) static 2.2.2.2</P> <P>My requirement when 2.10 accessing outside internet host , host has to see the source is 2.2.2.2 instead of 2.2.2.3&nbsp;</P> <P>Same time host 192.168.2.3&nbsp;<SPAN>accessing outside internet host , host has to see the source is 2.2.2.3 .</SPAN></P> <P><SPAN>Please note I don't have static nat for&nbsp;192.168.2.3 like 2.10&nbsp;</SPAN></P> <P><SPAN>Thanks</SPAN></P> <P>&nbsp;</P> Thu, 04 Jan 2018 03:40:46 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/3305721#M1003246 elite2010 2018-01-04T03:40:46Z https://community.cisco.com/t5/network-security/nat-help/m-p/3306087#M1003247 <P>Hi elite,</P> <P>&nbsp;</P> <P>You need to add "host 192.168.2.10" under your object. Please check below for a sample config.</P> <P>object network 192.168.2.10</P> <P>host 192.168.2.10</P> <P>nat (Inside,Outside) static 2.2.2.2</P> <P>&nbsp;</P> <P>Now, your host 192.168.2.10 is accessible from the Internet by using public IP 2.2.2.2 based on your outside interface ACL and when this host will go to the Internet it always has source IP 2.2.2.2 instead of 2.2.2.3 because the above NAT has higher preference over the after-auto NAT.</P> <P>&nbsp;</P> <P>On the other hand, all other hosts from the same subnet will use 2.2.2.3 as the source while going to the Internet due to PAT.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 04 Jan 2018 14:55:50 GMT https://community.cisco.com/t5/network-security/nat-help/m-p/3306087#M1003247 Spooster IT Services 2018-01-04T14:55:50Z