I have what I think is a fairly straightforward configuration, though I cannot quite seem to get it working. I need to have a few different DMZ hosts with PAT on a specific IP (that's not the ASA interface IP), where, if one of these hosts initiates an outbound connection, it also uses that specific IP, not the default one. All other hosts should just use the default translation.
It seems like if I use Static NAT with PAT, it translates traffic for just those matching ports (8001-8003) but any other traffic falls back to the default translation.
Example of what I'm trying to achieve:
Server1: 184.108.40.206:8001 -> 192.168.1.1:8001
Server2: 220.127.116.11:8002 -> 192.168.1.2:8002
Server3: 18.104.22.168:8003 -> 192.168.1.3:8003
If Server1 initiates any outbound connection, it should come from (translate to) 22.214.171.124, not 126.96.36.199.
What's actually happening:
An outbound connection not matching those ports XLATs to 10.1.1.1 instead of 10.1.1.2:
UDP PAT from dmz:192.168.1.1/123 to outside:188.8.131.52/123 flags ri idle 0:01:00 timeout 0:00:30