HI, I am having a problem getting my head around destination NAT.. Problem I have is that I need to NAT all requests from specific IP's going to destination IP 10.aaa.bbb.x to another IP in our VM environment on 10.aaa.ccc.y. This is to assist in the migration of service from 1 server to another. so was thinking I need an ACL to sort the traffic out, and a destination NAT to change the destination IP so that all requests go to the modified one. only problem being, that I cant do static NAT based on destination... So, do I need to reverse the process as such so that my inside interface becomes the outside and vice versa? giving IP nat outside source 10.aaa.bbb.x 10.aaa.ccc.y (outside int being the one with the new VM host in it) access-list 100 permit IP host 10.aaa.eee.f 10.aaa.bbb.x (where f,g,h,i are specific individual hosts) access-list 100 permit ip host 10.aaa.eee.g 10.aaa.bbb.x access-list 100 permit IP host 10.aaa.eee.h 10.aaa.bbb.x access-list 100 permit ip host 10.aaa.eee.i 10.aaa.bbb.x int gi1/0/1 (where this int is the DG for the VM environment where the new host IP resides) ip add 10.aaa.ccc.$ xxx.xxx.xxx.xxx ip nat outside int gi1/0/6 ip add 10.aaa.ccc.$ xxx.xxx.xxx.xxx ip nat inside (where this is our old host, which we need to keep active until all hosts are migrated over) route-map NAT permit 10 match ip address 100 Cheers