please make sure that you also configure an access-list to let connections pass that are initiated on the outside towards the inside (if you need this of course).

Kind Regards,

Tom

I actually tried this before. Here is my problem

I have a NAT statement

and Access Lists (using Object Groups) allowing inside hosts to access some ports on the web and some web sites. Everything else is "Denied". All these are NATed using a public IP x.x.x.58

Among inside hosts (coming through the same "inside" interface), there are some users for which i want to have one-one mapping.

Lets say for user 172.16.100.199 should be mapped to x.x.x.59. So i use the command

However it still doesn't work. The host is denied based on the Access-List i have for all other Users and probably the "static" command is not ever used.

How can i achieve that ?

If i use "nat 0

Hi,

if you need outbound connection for those specific hosts, the only way is to permit them in your acl, because that is the place where your packet is inspected at the first time. So, the static will not work if your acl does not allow the traffic go through.