ASA 5505 gets it's static IP address on the outside interface through DHCP.

ISP routes a /29 to that DHCP assigned address.

Traffic from LAN to internet uses a Dynamic PAT (Hide) rule in section 3. The translated packet's source address is the IP address assigned through DHCP which is fine for clients on the LAN browsing the internet.

What I would like to achieve:

Access from internet to multiple servers on LAN while preserving as much of the /29 block as possible.

The public IP address that is used to access the server on the LAN must also be the IP address that is used as the source address for any traffic originating from that server and destined to the internet. It must not be the DHCP assigned address that is used by other hosts on the LAN using the Dynamic PAT (Hide) rule.

What I have tried:

Network Object NAT achieves that two-way relationship where the public IP address for that particular server is the same in both directions, but at the cost of a public IP address for every server, see http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/asdm63/configura....

Network Object PAT gives the possibility to publish multiple hosts with different services/ports using one public IP address, see http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/asdm63/configura.... But in that case the outgoing public IP address is the DHCP assigned one and that is not what I want.

Why do I want this:

I want the incoming and outgoing public IP address of my mail server to be the same and yet be able to use that same public IP address for a webserver that is running on another host.

Is this possible with an ASA?

Maybe it's my way of thinking but I think it is odd when traffic from the internet to a server on the LAN uses one public IP address and traffic from that server to the internet uses another.

Thanks in advance