https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050709#M134367 <P>Hi,</P> <P></P> <P>I have created a Public Server config and it has created an auto-NAT of the following:</P> <P><STRONG>object network IP.10.xx.2.122</STRONG><BR /><STRONG>&nbsp;nat (Inside,Outside) static IP.164.xx.11.11</STRONG></P> <P>I also want to be able to PAT on my inside interface so the traffic knows</P> <P>to return to the firewall, every time I add an After-Auto NAT the traffic</P> <P>does not hit the After-Auto NAT rule.</P> <P>Has anyone done a similar config?</P> <P>My After Auto NAT rule is as follows:</P> <P><STRONG>nat (Outside,Inside) after-auto 2 source dynamic any IP.10.XX.201.11 destination static IP.10.xx.2.122-New IP.10.xx.2.122-New</STRONG></P> <P></P> <P>Regards</P> Tue, 12 Mar 2019 09:39:25 GMT shastymacnasty 2019-03-12T09:39:25Z https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050709#M134367 <P>Hi,</P> <P></P> <P>I have created a Public Server config and it has created an auto-NAT of the following:</P> <P><STRONG>object network IP.10.xx.2.122</STRONG><BR /><STRONG>&nbsp;nat (Inside,Outside) static IP.164.xx.11.11</STRONG></P> <P>I also want to be able to PAT on my inside interface so the traffic knows</P> <P>to return to the firewall, every time I add an After-Auto NAT the traffic</P> <P>does not hit the After-Auto NAT rule.</P> <P>Has anyone done a similar config?</P> <P>My After Auto NAT rule is as follows:</P> <P><STRONG>nat (Outside,Inside) after-auto 2 source dynamic any IP.10.XX.201.11 destination static IP.10.xx.2.122-New IP.10.xx.2.122-New</STRONG></P> <P></P> <P>Regards</P> Tue, 12 Mar 2019 09:39:25 GMT https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050709#M134367 shastymacnasty 2019-03-12T09:39:25Z https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050710#M134370 <P>Hi&nbsp;<A href="https://supportforums.cisco.com/users/shastymacnasty" title="View user profile." class="username" lang="" about="/users/shastymacnasty" typeof="sioc:UserAccount" property="foaf:name" datatype="">shastymacnasty</A>,</P> <P>You don't need two NAT statements to achieve that. Add the following configuration and you will achieve what you want.</P> <P>object network IP.10.xx.2.122<BR />no nat (Inside,Outside) static IP.164.xx.11.11</P> <P>!</P> <P></P> <P>nat (Outside,Inside) &nbsp;source dynamic any IP.10.XX.201.11 destination static <SPAN>IP.</SPAN><SPAN>164.xx.11.11 IP.10.xx.2.122</SPAN></P> Tue, 04 Jul 2017 14:25:33 GMT https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050710#M134370 Spooster IT Services 2017-07-04T14:25:33Z https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050711#M134373 <P>That worked perfect, thanks Spooster, been staring at it too long! Appreciate it.</P> Tue, 04 Jul 2017 14:49:44 GMT https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050711#M134373 shastymacnasty 2017-07-04T14:49:44Z https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050712#M134376 <P>Great.... Glad to hear. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 04 Jul 2017 14:52:49 GMT https://community.cisco.com/t5/network-security/after-auto-nat-question/m-p/3050712#M134376 Spooster IT Services 2017-07-04T14:52:49Z