I have the following NAT statements configured.
I have PAT for all web traffic. Any non-web traffic should use the dynamic NAT pool and then a PAT address if dynamic NAT runs out of addresses.
But, I am seeing multiple connections on one single address on the dynamic NAT pool.
access-list Web_Outbound permit tcp 10.0.0.0 255.0.0.0 any eq www
access-list Web_Outbound permit tcp 10.0.0.0 255.0.0.0 any eq https
nat (inside) 10 access-list Web_Outbound
nat (inside) 15 10.0.0.0 255.0.0.0
global (outside) 15 x.x.18.1-x.x.19.254
global (outside) 10 x.x.6.252 netmask 255.255.255.255
global (outside) 10 x.x.6.253 netmask 255.255.255.255
global (outside) 15 x.x.6.254
global (outside) 15 x.x.6.251
global (outside) 15 x.x.6.250
So, any non-web traffic (identified by NAT ID 15) should take the dynamic NAT pool of x.x.18.1 to x.x.19.254 first. When it runs out of addresses it should use x.x.6.254 etc.
But I am seeing a single address on the dynamic NAT pool being used by many hosts and I am not seeing the PAT address of x.x.6.254 being used at all.
Isn't the dynamic NAT a one to one mapping? Why is it being used as a PAT? Did I miss something on the configuration?
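One way to confirm what the poster is seeing before changing the configuration is to pull the translation table and check, per global address, how many inside hosts are mapped to it and whether the entries are one-to-one or port-translated. The script below is an added example, not code from the original post or from any Cisco tool. It assumes the classic pre-8.3 ASA `show xlate` line format (`Global <ip> Local <ip>` for dynamic NAT, `PAT Global <ip>(<port>) Local <ip>(<port>)` for PAT), uses the placeholder prefix 172.16 in place of the masked `x.x` from the post, and runs over constructed sample lines; the pool table mirrors the post's `global` statements.

```python
import ipaddress
import re
from collections import defaultdict

# Added example (not from the original post): parse classic pre-8.3 ASA
# 'show xlate' lines and check whether addresses from a dynamic NAT pool
# are really used one-to-one or are carrying PAT sessions.

# Global statements from the post, keyed by NAT ID. The masked prefix 'x.x'
# is replaced by the placeholder 172.16 so the ranges can be parsed.
# kind: "nat" = address range meant for one-to-one dynamic NAT,
#       "pat" = single address (or 'netmask 255.255.255.255') used for PAT.
GLOBAL_POOLS = {
    15: [
        ("nat", "172.16.18.1", "172.16.19.254"),
        ("pat", "172.16.6.254", "172.16.6.254"),
        ("pat", "172.16.6.251", "172.16.6.251"),
        ("pat", "172.16.6.250", "172.16.6.250"),
    ],
    10: [
        ("pat", "172.16.6.252", "172.16.6.252"),
        ("pat", "172.16.6.253", "172.16.6.253"),
    ],
}

# Constructed sample 'show xlate' output (assumed classic format):
#   Global <ip> Local <ip>                         dynamic NAT xlate
#   PAT Global <ip>(<port>) Local <ip>(<port>)     PAT xlate
SAMPLE_XLATE = """\
Global 172.16.18.1 Local 10.1.1.10
Global 172.16.18.2 Local 10.1.1.11
PAT Global 172.16.18.3(1024) Local 10.1.1.12(51000)
PAT Global 172.16.18.3(1025) Local 10.1.1.13(51001)
PAT Global 172.16.18.3(1026) Local 10.1.1.14(51002)
PAT Global 172.16.6.252(1024) Local 10.1.1.10(52000)
PAT Global 172.16.6.253(1024) Local 10.1.1.11(52001)
"""

XLATE_RE = re.compile(
    r"^(?P<pat>PAT )?Global (?P<gip>[\d.]+)(?:\((?P<gport>\d+)\))?"
    r" Local (?P<lip>[\d.]+)(?:\((?P<lport>\d+)\))?$"
)


def parse_xlate(text):
    """Return one dict per xlate line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "kind": "PAT" if m.group("pat") else "NAT",
            "global_ip": m.group("gip"),
            "local_ip": m.group("lip"),
            "global_port": int(m.group("gport")) if m.group("gport") else None,
        })
    return entries


def classify_global(ip):
    """Map a global address to (nat_id, kind) from GLOBAL_POOLS, or None."""
    addr = ipaddress.ip_address(ip)
    for nat_id, pools in GLOBAL_POOLS.items():
        for kind, first, last in pools:
            if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
                return nat_id, kind
    return None


def audit(text):
    """
    Flag every address that belongs to a one-to-one ('nat') pool but is
    carrying PAT xlates or is mapped to more than one inside host.
    Returns a sorted list of (global_ip, nat_id, sorted local hosts).
    """
    locals_by_global = defaultdict(set)
    pat_seen = set()
    for e in parse_xlate(text):
        locals_by_global[e["global_ip"]].add(e["local_ip"])
        if e["kind"] == "PAT":
            pat_seen.add(e["global_ip"])
    findings = []
    for gip, hosts in locals_by_global.items():
        cls = classify_global(gip)
        if cls is None or cls[1] != "nat":
            continue  # unknown address, or a PAT global where sharing is expected
        if gip in pat_seen or len(hosts) > 1:
            findings.append((gip, cls[0], sorted(hosts)))
    return sorted(findings)


def idle_pat_globals(text, nat_id):
    """Configured PAT addresses for nat_id that currently carry no xlate."""
    used = {e["global_ip"] for e in parse_xlate(text)}
    return sorted(
        first for kind, first, _last in GLOBAL_POOLS[nat_id]
        if kind == "pat" and first not in used
    )


if __name__ == "__main__":
    for gip, nat_id, hosts in audit(SAMPLE_XLATE):
        print(f"NAT ID {nat_id}: pool address {gip} shared by {len(hosts)} hosts: {hosts}")
    print("PAT globals for ID 15 with no xlates:", idle_pat_globals(SAMPLE_XLATE, 15))
```

On the constructed sample this reports 172.16.18.3 (inside the ID 15 dynamic pool) serving three inside hosts through PAT, while the three ID 15 PAT globals carry no translations, which is the exact pattern the question describes. Running it over real `show xlate` output (after substituting the real prefix into `GLOBAL_POOLS`) separates "the pool is being PATed" from "the pool is simply exhausted and falling through" before any `global` statements are rewritten.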