Observing NAT

1) Loopback interface is not outside/inside interface for NAT (Only for NAT on stick)

interface Serial1/1
 ip address 2.2.2.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
end
interface Serial1/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
end
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
end

ip nat inside source static tcp 192.168.1.1 23 3.3.3.3 23 extendable
ip nat inside source static tcp 192.168.1.1 80 3.3.3.3 80 extendable
ip nat inside source static 192.168.1.10 3.3.3.3 extendable

Pro Inside global      Inside local       Outside local      Outside global
tcp 3.3.3.3:23         192.168.1.1:23     2.2.2.2:35893      2.2.2.2:35893
tcp 3.3.3.3:23         192.168.1.1:23     ---                ---
tcp 3.3.3.3:80         192.168.1.1:80     2.2.2.2:58981      2.2.2.2:58981
tcp 3.3.3.3:80         192.168.1.1:80     ---                ---
icmp 3.3.3.3:17        192.168.1.10:17    2.2.2.2:17         2.2.2.2:17
--- 3.3.3.3            192.168.1.10       ---                ---

2) First configure "individual" ports for PAT then entry for "all other ports"

NAT-ROUTER(config)#ip nat inside source static 192.168.1.10 3.3.3.3

NAT-ROUTER(config)#ip nat inside source static tcp 192.168.1.1 80 3.3.3.3 80
% similar static entry (192.168.1.10 -> 3.3.3.3) already exists

xxx

NAT-ROUTER(config)#no ip nat inside source static 192.168.1.10 3.3.3.3

NAT-ROUTER(config)#ip nat inside source static tcp 192.168.1.1 80 3.3.3.3 80

NAT-ROUTER(config)#ip nat inside source static tcp 192.168.1.1 23 3.3.3.3 23
NAT-ROUTER(config)# ip nat inside source static 192.168.1.10 3.3.3.3

NAT-ROUTER#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 3.3.3.3:23         192.168.1.1:23     ---                ---
tcp 3.3.3.3:80         192.168.1.1:80     ---                ---
--- 3.3.3.3            192.168.1.10       ---                ---