So the above NAT configuration basically has a Dynamic PAT from "outside" to "inside" and it also has a NAT0 configuration for all traffic from "outside" to any other destination subnet/interface though it does have a line that prevents NAT0 when the destination IP address for a connection is 10.0.0.2
I guess in your situation you would be fine with just a single NAT configuration in the new software. You would configure a type of Dynamic Policy PAT configuration where the Dynamic PAT translation would be performed from "outside" to "inside" only if the destination IP address is 10.0.0.2.
object network SERVER host 10.0.0.2
nat (outside,inside) after-auto 1 source dynamic any interface destination static SERVER SERVER
The above configuration would match traffic coming from behind "outside" interface from "any" source address and destined to destination address "SERVER" and the source address would be translated to the "interface" IP address which in this case is the IP address of the "inside" interface. You could use a different IP address and in that case you would configure an additional "object" and configure the IP address under that object and use that object in the "nat" configuration instead of the parameter "interface".
Any traffic that did not match the above NAT configuration would go through the firewall (if allowed by all the other configurations) without any NAT, so you dont really require a NAT0 configuration in this case.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...