There are a couple of ways to do NAT/PAT assignments, as you might expect out of 8.4. Assuming that you don’t really have a single Net Object that represents the entire inside network, I recommend not using the Net-Object method and instead defining a rule “outside” of the Net-Object framework.
First define a network object for the NAT range of external IPs, and then one for a PAT external IP address. In the CLI it looks like this (these are external IPs, just to be clear):
object network nat-range1
range 220.127.116.11 18.104.22.168
object network pat-ip1
You can do the same easily from the ASDM, but I wanted to make sure the size of the block as a range instead of a subnet was visible.
Now, from the NAT page, create a new Dynamic Rule.
The NAT Pool should look like this when done; I use inside to Outside2 here.
Note the nat-range object which used to be a “pool”.
Now add a PAT. It can’t overlap with the NAT pool, etc. Don’t choose Round Robin, as it’s memory intensive. I believe I read that 8.4 has an issue where it can run out of certain types of PAT ports (they try and group all ports below 1024 together, etc.), which from what I gather is fixed in 8.51 <sigh>
It should look like this when done; I moved it to the top for clarity.
I recommend making this change separately from other work so it can be tested on its own. My advice: TEST for a couple of hours to make sure it is NATting and PATting correctly under load.
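A pre-change check for the rule above that the PAT address can't overlap the NAT pool, added here as an example and not part of the original post. The object names match the post; the sample addresses are constructed documentation addresses, and `parse_objects`, `check_pool` and `pool_size` are hypothetical helper names.

```python
import ipaddress

# Constructed sample config (documentation addresses, not the post's values).
# pat-bad is a deliberately overlapping object used to show the failure case.
SAMPLE = """\
object network nat-range1
 range 203.0.113.10 203.0.113.20
object network pat-ip1
 host 203.0.113.21
object network pat-bad
 host 203.0.113.15
"""

def parse_objects(config):
    """Return {name: (first_ip, last_ip)} for each 'object network' stanza."""
    objects, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object", "network"] and len(words) == 3:
            name = words[2]
        elif name and words[:1] == ["range"] and len(words) == 3:
            objects[name] = (ipaddress.ip_address(words[1]),
                             ipaddress.ip_address(words[2]))
        elif name and words[:1] == ["host"] and len(words) == 2:
            ip = ipaddress.ip_address(words[1])
            objects[name] = (ip, ip)
        elif name and words[:1] == ["subnet"] and len(words) == 3:
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            objects[name] = (net[0], net[-1])
    return objects

def pool_size(objects, name):
    """Number of addresses the object covers (a range is not a subnet)."""
    lo, hi = objects[name]
    return int(hi) - int(lo) + 1

def check_pool(objects, nat_name, pat_name):
    """Return a list of problems; an empty list means the pair is usable."""
    problems = []
    nat_lo, nat_hi = objects[nat_name]
    pat_lo, pat_hi = objects[pat_name]
    if nat_lo > nat_hi:
        problems.append(f"{nat_name}: range start is above range end")
    elif pat_lo <= nat_hi and nat_lo <= pat_hi:
        problems.append(f"{pat_name} overlaps {nat_name}")
    return problems

if __name__ == "__main__":
    objs = parse_objects(SAMPLE)
    print(pool_size(objs, "nat-range1"), check_pool(objs, "nat-range1", "pat-bad"))
```

Feed it the `object network` stanzas from the running config before applying the NAT and PAT rules.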