11-30-2022 03:35 PM
We currently have a Firepower 4110 running 7.0.4 managed by an FMCv also running 7.0.4. We've been experiencing some asp-drops because of NAT exhaustion, so I tried to change the dynamic Auto NAT rule from a single IP address to a range of IP addresses, as they unfortunately don't fall on a subnet boundary. As soon as the change is deployed, only one system can get out on each public IP address in the pool. The response to "sh xlate | in <public_IP>" was a single xlate entry for each public IP in the pool. I changed it back to the single IP, and there are thousands of entries. I repeated this 3 times and verified all objects just to make sure nothing was fat-fingered. I also cleared the connection and translation tables, which didn't help. I'm missing something pretty basic, I guess, but can anyone point me to the issue? The object for Public_NAT is #.#.#.6, while the object for Public_NAT_pool is a range of #.#.#.6-#.#.#.9. For the below, the source and destination zones are inside and outside. Thanks for your help.
Existing rule (works):
New rule (doesn't work):
12-01-2022 06:07 AM - edited 12-01-2022 06:08 AM
Use the PAT Pool tab instead. That will work.
Reference Step 6 here:
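As an added illustration (not the poster's configuration and not taken from the linked guide), the FTD/ASA CLI equivalent of the two rules, using documentation-range addresses and an assumed inside_net object: a range used as a plain dynamic translation is one-to-one dynamic NAT, which is exactly the single xlate per public IP the question describes, while the PAT Pool tab deploys the same range with the pat-pool keyword.

```cisco
! Constructed example; addresses are from documentation ranges and
! inside_net is an assumed object name. Only one Auto NAT statement
! can exist per object, so the two nat lines below are alternatives.
object network Public_NAT_pool
 range 203.0.113.6 203.0.113.9
object network inside_net
 subnet 10.0.0.0 255.255.0.0

! Alternative 1 (what a Dynamic rule with a range object deploys):
! dynamic NAT, one real host per mapped address, no port translation.
! With four addresses in the pool, only four hosts can translate at once,
! and "show xlate | include 203.0.113.6" shows a single entry.
object network inside_net
 nat (inside,outside) dynamic Public_NAT_pool

! Alternative 2 (what the PAT Pool tab deploys): dynamic PAT drawing
! mapped addresses from the pool; many hosts share each address,
! distinguished by translated source port, as with the single-IP rule.
object network inside_net
 nat (inside,outside) dynamic pat-pool Public_NAT_pool

! Verification after deploying: "show nat detail" lists the rule with the
! pat-pool keyword, and "show xlate | include 203.0.113.6" returns many entries.
```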