access-list IDENT-STATIC extended permit ip object-group X object-group Y
global (outside) 9 x.x.x.x
nat (inside) 9 x.x.x.x 255.255.255.0 dns
static (inside,outside) x.x.x.0 access-list IDENT-STATIC
I have the following configuration above which works fine but an issue has come up in which I need to see if it is possible or not to work around. Group X is an internal network of users on RFC1918 space and object-group Y is also an internal network that is on public ip's. So basically they are identity natted if they reach any host on the Y network and are PAT'ed if they go elsewhere. What I need to do if possible is allow all the computers in object-group x to reach one host in object-group Y without being NAT'ed. The host they need to reach is already a part of the network in object-group Y. Is there a way to exclude a host from being NAT'ed before this statement is processed?