https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769141#M177651 <P>Hi,</P><P>To NAT traffic for a specific source IP, you can make following changes,</P><P><SPAN style="font-size: 14.4px; line-height: normal; background-color: rgb(249, 249, 249);">nat (DMZ1,outside) source static &lt;real-ip&gt; &lt;mapped-ip&gt; service 5630 443 destination static &lt;sourceip&gt; source ip&gt;</SPAN><BR style="font-size: 14.4px; line-height: normal; background-color: rgb(249, 249, 249);" /><SPAN style="font-size: 14.4px; line-height: normal; background-color: rgb(249, 249, 249);">nat (DMZ2,outside) source static &lt;real-ip&gt; &lt;mapped-ip&gt;</SPAN></P><P>&nbsp;</P><P>Thanks,</P><P>R.seth</P><P>&nbsp;</P> Sun, 18 Oct 2015 10:54:34 GMT Rishabh Seth 2015-10-18T10:54:34Z https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769138#M177648 <P>Hi</P><P>&nbsp;It has been a couple of years since I last had my hands on the ASA firewall - but a question popped up the other day, which I could not answer..</P><P>&nbsp;</P><P>Is it possible to do policy based destination PAT from&nbsp;the outside to inside interfaces&nbsp;- based on source IP address ?</P><P>&nbsp;</P><P>The outside (static) IP is assigned by DHCP (only a single address is available) - and if traffic is initiated towards the outside IP from source address A towards tcp port 443, it should be redirected/PAT'ed&nbsp;to DMZ1 port 5630 - and for all other source IP addresses it should be redirected/PAT'ed to DMZ2 port 443.</P><P>&nbsp;</P><P>Is this possible at all? Firmware version&nbsp;is 9.2 ..</P><P>&nbsp;</P><P>Regardes</P><P>Brian</P><P>&nbsp;</P> Tue, 12 Mar 2019 06:45:27 GMT https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769138#M177648 Brian I 2019-03-12T06:45:27Z https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769139#M177649 <P>Hi Brian,</P><P>You can create manual NAT rules to implement your network requirement.</P><P>Create the NAT for specific ports above the rules for broad range of ports.</P><P>object service 5630<BR />&nbsp;service tcp destination eq 5630<BR />object service 443<BR />&nbsp;service tcp source eq https<BR />&nbsp;<BR />&nbsp;<BR />nat (DMZ1,outside) source static &lt;real-ip&gt; &lt;mapped-ip&gt; service 5630 443<BR />nat (DMZ2,outside) source static &lt;real-ip&gt; &lt;mapped-ip&gt;</P><P>Hope it helps!!!</P><P>Thanks,</P><P>R.Seth</P><P>Mark the answer as correct if it helps in resolving your query!!!</P><P>&nbsp;</P> Sun, 18 Oct 2015 07:04:24 GMT https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769139#M177649 Rishabh Seth 2015-10-18T07:04:24Z https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769140#M177650 <P>Hi</P><P>&nbsp;This&nbsp;maps port 443 -&gt; 443 and 5630 -&gt; 5630</P><P>What I want to achieve is (if possible):</P><P>If traffic originates from IP address A and hits the outside interface on&nbsp;TCP&nbsp;port 443, it should be PAT'ed to a host in DMZ1 port 5630</P><P>For all other traffic that hits the outside interface on TCP port 443, it should be PAT'ed to a host in DMZ2 port 443 ..</P><P>Regards</P><P>/Brian</P><P>&nbsp;</P> Sun, 18 Oct 2015 10:23:02 GMT https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769140#M177650 Brian I 2015-10-18T10:23:02Z https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769141#M177651 <P>Hi,</P><P>To NAT traffic for a specific source IP, you can make following changes,</P><P><SPAN style="font-size: 14.4px; line-height: normal; background-color: rgb(249, 249, 249);">nat (DMZ1,outside) source static &lt;real-ip&gt; &lt;mapped-ip&gt; service 5630 443 destination static &lt;sourceip&gt; source ip&gt;</SPAN><BR style="font-size: 14.4px; line-height: normal; background-color: rgb(249, 249, 249);" /><SPAN style="font-size: 14.4px; line-height: normal; background-color: rgb(249, 249, 249);">nat (DMZ2,outside) source static &lt;real-ip&gt; &lt;mapped-ip&gt;</SPAN></P><P>&nbsp;</P><P>Thanks,</P><P>R.seth</P><P>&nbsp;</P> Sun, 18 Oct 2015 10:54:34 GMT https://community.cisco.com/t5/network-security/policy-based-destination-pat/m-p/2769141#M177651 Rishabh Seth 2015-10-18T10:54:34Z