Double NAT Query

james.tucker
Level 1

Hi,

I am trying to create a NAT rule that will allow clients on the internet to connect to the ASA's outside interface on port 242, have the packets D-NATed to a server, 172.22.0.65 on port 22, on the inside interface, but when the packet reaches the server the source address of the packet will be the inside interface address of the ASA, 10.5.1.41.

The ASA is running 9.2.1 and is in multiple context mode.

In my GNS3 8.4 ASA this almost works, in so far as it translates to the server with the source address of 4.2.2.1:

! Real server address (the lab host is 172.22.0.23); the nat statement below refers to this object by name
object network ssh-172.22.0.23
 host 172.22.0.23
! Mapped source address the server will see
object network wan-4.2.2.1
 host 4.2.2.1
! Real destination port on the server
object service SSH
 service tcp destination eq ssh
! Mapped destination port clients connect to on the outside interface
object service SSH-24242
 service tcp destination eq 24242

! Twice NAT, (real_ifc,mapped_ifc) = (outside,inside):
!  source dynamic any wan-4.2.2.1          real source (any client) -> mapped source 4.2.2.1
!  destination static interface ssh-...    mapped destination (outside interface IP) -> real destination server
!  service SSH-24242 SSH                   mapped destination port 24242 -> real destination port 22
nat (outside,inside) source dynamic any wan-4.2.2.1 destination static interface ssh-172.22.0.23 service SSH-24242 SSH

 

In the production environment I am falling foul of the dynamic NAT and haven't been able to work around that, even by using after-auto positioning.

 

For reference here are the existing NAT statements:

ASA5585-SSP-40/l-asa-02(config)# sho run nat
nat (office,infradmz) source dynamic any interface
nat (wlan-internet,outside) source dynamic any interface
nat (wlan-guest,outside) source dynamic any interface
nat (wlan-internet,infradmz) source dynamic any interface
nat (office,outside) source static L-ASA-02-OUTSIDE L-ASA-02-OUTSIDE destination static Z-VPN-02-OUTSIDE Z-VPN-02-OUTSIDE
nat (office,outside) source static ALL-NETWORKS ALL-NETWORKS destination static office-declisub office-declisub
!
nat (office,outside) after-auto source dynamic any interface

Has anybody got any suggestions please?

TIA, James

Accepted Solution

james.tucker
Level 1

After a bit more searching I came across the solution here:

https://www.fir3net.com/Firewalls/Cisco/cisco-asa-twice-nat.html

Make sure that proxy ARP is enabled, otherwise the IP address doesn't appear in the ARP tables of the switches.

nat (outside,office) 1 source dynamic any ins-nat destination static wan-4.2.2.1 ssh-172.22.0.23 service SSH-24242-tcp SSH-tcp
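Pulling the accepted answer together, the following is an added worked example, not the original poster's production configuration. It shows the complete twice-NAT rule with the objects it depends on, the ACL the translated flow still has to pass, and the proxy-ARP setting the answer warns about. Assumed values: the client range 203.0.113.0/24 is constructed and used instead of `any`; `ins-nat` is assumed to be a spare address 10.5.1.42 on the inside (office) subnet, because the proxy-ARP remark in the answer implies it is not the interface's own address; 4.2.2.1 and 172.22.0.23 are the lab addresses from the question; the object names `SSH-tcp` and `SSH-24242-tcp` are taken from the accepted nat line; interface names `outside` and `office` follow the production `show run nat` output.

```cisco
! Added example config (not from the original post). Assumed addresses are noted inline.
!
! Clients allowed to reach the service. Constructed range; replace with the real admin source
! addresses rather than falling back to "any", which exposes the SSH port to the whole internet.
object network trusted-admins
 subnet 203.0.113.0 255.255.255.0
! Assumed: a spare address on the office subnet that the server will see as the source.
! (To use the interface's own address instead, replace "ins-nat" in the nat line with "interface".)
object network ins-nat
 host 10.5.1.42
! Outside address clients connect to (lab value from the question)
object network wan-4.2.2.1
 host 4.2.2.1
! Real server address (lab value from the question)
object network ssh-172.22.0.23
 host 172.22.0.23
! Real destination port on the server
object service SSH-tcp
 service tcp destination eq 22
! Mapped destination port presented on the outside address
object service SSH-24242-tcp
 service tcp destination eq 24242
!
! Twice NAT, (real_ifc,mapped_ifc) = (outside,office), read left to right:
!   source dynamic trusted-admins ins-nat       real source (clients) -> mapped source 10.5.1.42
!   destination static wan-4.2.2.1 ssh-...      mapped destination 4.2.2.1 -> real destination 172.22.0.23
!   service SSH-24242-tcp SSH-tcp               mapped destination port 24242 -> real destination port 22
! The explicit line number 1 puts the rule at the top of manual NAT Section 1, so it is
! evaluated before the existing "source dynamic any interface" rules. A rule placed with
! after-auto lands in Section 3, which is only reached if neither Section 1 nor object NAT matched.
nat (outside,office) 1 source dynamic trusted-admins ins-nat destination static wan-4.2.2.1 ssh-172.22.0.23 service SSH-24242-tcp SSH-tcp
!
! Proxy ARP must stay on for the office interface so the ASA answers ARP for 10.5.1.42 and
! the server's return traffic reaches the firewall. Do NOT configure either of these:
!   sysopt noproxyarp office
!   ... no-proxy-arp   (as a trailing keyword on the nat line)
!
! On ASA 8.3 and later the interface ACL is checked against the REAL (untranslated) destination,
! so permit the server's real address and real port, not 4.2.2.1:24242.
access-list outside_in extended permit tcp object trusted-admins object ssh-172.22.0.23 eq 22
access-group outside_in in interface outside
```

To verify, `show nat detail` should list the new rule first in Section 1 with its translate and untranslate hit counters, and `packet-tracer input outside tcp 203.0.113.10 51000 4.2.2.1 24242` should show the NAT phase rewriting the destination to 172.22.0.23/22 and the source to 10.5.1.42, followed by an ACCESS-LIST phase that allows the flow; `show xlate` then shows the PAT entry once a client connects. Because the server only ever sees 10.5.1.42, its own auth logs cannot identify the real client, so keep the ASA's connection syslogs (%ASA-6-302013 built-connection messages carry both the real and mapped addresses) if you need to attribute SSH sessions.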
