You need to define the NAT pool with both the src-nat and dst-ip first. They are both contained in the same pool, that is why you only see the choice for one in the ACL creation.
The following is an example how I've used dual-nat in the pat.
Scenario:
- Guest Network
- Customer has Citrix and Mail servers that it wants to allow access to on the Guest network (employees use the Guest network with personal devices)
- External DNS servers are used on the Guest network, so when the user's attempt to resolve the hosts above, they get the external IP address
- A combination of network firewall and routing of this enviroment would not allow this traffic out and back in through the external IP, we need to redirect the requests to the internal IP
- We setup a dual-nat rule to handle this. The src-nat portion was used for NAT'ing the guest traffic to a particular IP (using a pool). The dst-nat portion was setup to redirect requests to the external IP to the internal IP.
Commands:
ip NAT pool portal-dual <beg.src.nat.ip> <end.src.nat.ip> <dst.nat.ip.address>
any host x.x.x.x svc-https dual-nat pool portal-dual 443