Hi All,

I have a location with 4 DVR's, all connected to an isolated ASA 5505 connected to my main ASA 5505 on the outside interface/vlan, using a /29 public subnet:

DVRs-------Isolated ASA---------Main ASA--------Internet

I am doing static 1-to-1 NAT for 3 of the 4 DVR's, but since a /29 only gives me 6 addresses and each ASA has a public address on that subnet as well as the ISP's router (my gateway), that leaves me unable to static 1-to-1 NAT the 4th DVR, so I need to PAT it onto the interface using ports 81, 1025 & 8001.  I have everything working except the PAT.  Below is my config.  What am I missing?

1-to-1 NAT Configs:
object network DVR-1
host 192.168.1.250
object network DVR-1-p
host 96.xx.xxx.219

object network DVR-2
host 192.168.1.251
object network DVR-2-p
host 96.xx.xxx.220

object network DVR-3
host 192.168.1.252
object network DVR-3-p
host 96.xx.xxx.221

object network DVR-1
nat (inside,outside) static DVR-1-p
object network DVR-2
nat (inside,outside) static DVR-2-p
object network DVR-3
nat (inside,outside) static DVR-3-p

Interface PAT Configs: (96.xx.xxx.218 = interface IP)
object network DVR-4_TCP81
host 192.168.1.253
object network DVR-4_TCP1025
host 192.168.1.253
object network DVR-4_TCP8001
host 192.168.1.253

object network DVR-4_TCP81
nat (inside,outside) static interface service tcp 81 81
object network DVR-4_TCP1025
nat (inside,outside) static interface service tcp 1025 1025
object network DVR-4_TCP8001
nat (inside,outside) static interface service tcp 8001 8001

Firmware:

FW-SH5505-B# show ver

Cisco Adaptive Security Appliance Software Version 9.1(6)
Device Manager Version 7.5(2)

Compiled on Fri 27-Feb-15 13:50 by builders
System image file is "disk0:/asa916-k8.bin"