2250 Views, 5 Helpful, 6 Replies

ASA NAT

D.Zeb, Level 1

Hi,

We have 2 pairs of ASA firewalls at work. The main firewall we use for general outbound and internet traffic; I have configured static one-to-one NAT on it and this is used for both directions. However, on the 2nd pair of firewalls I am going to add some config for the first time since I started work. This has a couple of NAT statements which I have not used before and I am a bit confused about them:

nat (outside,inside) after-auto source static any any destination static obj_outside_ip obj_inside_ip unidirectional no-proxy-arp
nat (outside,inside) after-auto source dynamic any interface destination static remote_ip_range remote_ip_range

I have tested the connectivity from the remote site to access the server which is statically NAT'd and this works successfully; as expected, when this server goes out it does not get NAT'd statically due to the unidirectional keyword in the NAT statement.

Would someone be able to let me know why this NAT statement would be used, or what the benefit of this NAT is, and whether it would be okay for me to use one-to-one NAT within the object (static auto NAT)?

PS. I had tried to create a test manual (inside,outside) NAT and this gave me a warning in ASDM about the NAT already being defined in the pool?

6 Replies

I hope you will understand this, so here we go :)

nat (outside,inside) after-auto source static any any destination static obj_outside_ip obj_inside_ip unidirectional no-proxy-arp
nat (outside,inside) after-auto source static real mapped destination static mapped real unidirectional no-proxy-arp

This above NAT rule is called a policy NAT; it can only be configured in section 1 or section 3.
This above NAT rule says: if traffic is from outside with destination NAT any (meaning incoming from the outside interface the address is "any", for example Google IP/Yahoo IP/Cisco IP etc.) mapped to "any", with destination static obj_outside_ip (mapped) obj_inside_ip (real). I see this above rule as more security protective; see the part "destination static obj_outside_ip obj_inside_ip",
where you could have a non-existent IP address which does not exist in your INSIDE network.
!
object network obj_outside_ip
host 172.16.1.1 (this address does not exist in your inside network, or in any of your networks, so you married this object to it: obj_outside_ip = obj_inside_ip)
!
object network obj_inside_ip
host 192.168.1.1 (this address exists in your inside network)


Remember this rule of traffic flow in regards to NAT:
inside,outside = always source NAT
outside,inside = always destination NAT

please do not forget to rate.

Thanks for your reply Sheraz.

I will try to explain the network below:

192.168.0.0/16 inside ----<ASA> 172.16.1.1/29 (outside) ----------- 172.16.0.0/21 (remote cloud network)

I have been trying to work out if there is any particular need for this NAT configuration. I am wondering if I change the NAT configuration to one of the following:

object network obj_inside_ip
host 192.168.1.1
nat (inside,outside) static 172.16.1.1

or

object network obj_outside_ip
host 172.16.1.1
nat (outside,inside) static 192.168.1.1

 

By configuring one of the above statements, NAT will be bidirectional and not unidirectional like the already configured one. If I change the NAT configuration to either of the above, would it work and what could be the security issues?

I have no idea what the network layout is in your network. Both rule sets are correct but you need to make the decision which one you want to implement. Better do it in a change control window so you can revert if something does not work or if you break something.

Are you doing a dynamic NAT in section 2? As you wrote the rule, this will come into place under section 2 of the NAT rules. I suggest you move them to section 1.

!
object network obj_inside_ip
host 192.168.1.1
nat (inside,outside) static 172.16.1.1
!

This above rule means the IP address 192.168.1.1/32 going outside will be translated to 172.16.1.1, and this above rule will be bi-directional. Now if you are connected to the cloud server and have connectivity to the firewall outside link (for example ssh/http/https/telnet), you need to connect to address 172.16.1.1.

!
object network obj_outside_ip
host 172.16.1.1
nat (outside,inside) static 192.168.1.1
!

This above rule means the IP address 172.16.1.1/32 going outside will be translated to 192.168.1.1, and this above rule will be bi-directional. Now if you are connected to the cloud server and have connectivity to the firewall outside link (for example ssh/http/https/telnet), you need to connect to address 192.168.1.1 (this also means that you have routing in place to reach this).

If you are keen to implement the rule as uni-directional then you need to implement the service objects.

please do not forget to rate.

Dynamic NAT has been defined in section 3; actually all manual NAT is in section 3 at the moment (same as I posted above):

nat (outside,inside) after-auto source static any any destination static obj_outside_ip obj_inside_ip unidirectional no-proxy-arp
nat (outside,inside) after-auto source dynamic any interface destination static remote_ip_range remote_ip_range

And yes, you are correct: I tested the following rule this morning, and this falls under section 2. However, this worked as expected.

object network obj_inside_ip
host 192.168.1.1
nat (inside,outside) static 172.16.1.1

I was able to connect to the internal server from the remote server via 172.16.1.1, and when I connected from the internal server (192.168.1.1) to remote, it was seen as IP address 172.16.1.1. Again as expected.

I was watching the real-time logs of the firewall via ASDM logging and I could not see any logs for my test connection; I had searched using all 3 IP addresses in question:

Internal server: 192.168.1.1
Translated IP of internal server: 172.16.1.1
Cloud/Remote server: 172.16.5.100

I have some questions if you don't mind answering please:

Why do I have to move Auto NAT (static 1:1, bidirectional NAT) to Section 1?
You had mentioned in your previous reply "I see this above rule as more security protective"; would you please explain what this is and what the disadvantage of using Auto NAT is?
What could be the reason that the Real-time Log Viewer is not capturing this information?

Many thanks for your time in advance.

 

Why do I have to move Auto NAT (static 1:1, bidirectional NAT) to Section 1?

I have not seen your configuration of all NAT rules; that is why I suggested moving your rule to section 1, as section one has more priority than section 2 and section 2 has more priority than section 3. As long as you are comfortable and the rules are working and you are happy, that's fine; no need for change.

You had mentioned in your previous reply "I see this above rule as more security protective"; would you please explain what this is and what the disadvantage of using Auto NAT is?
What could be the reason that the Real-time Log Viewer is not capturing this information?

Let's walk through this NAT rule.

"nat (outside,inside) after-auto source static any any destination static obj_outside_ip obj_inside_ip unidirectional no-proxy-arp"

Section 3 NAT rule: a packet from the outside network with source IP address (real) any is going to (mapped) address any IP at the inside network, with destination static inside network (mapped) to outside network.

For example, to double check, issue the command show nat detail; it will give you more detail on this rule.

With this above rule, if you fine tune it, for example instead of "any" use the nameif, it would be more beneficial. Have a look at this link

please do not forget to rate.

Sorry I couldn't reply earlier as I was away...

However, thanks for pointing me in the right direction. I am sure I have understood correctly as below:

nat (outside,inside) after-auto source static any any destination static obj_outside_ip obj_inside_ip unidirectional no-proxy-arp
nat (outside,inside)
source static any any
destination static obj_outside_ip obj_inside_ip

When traffic on the outside matches:
     a source of any
     a destination of obj_outside_ip

Send it to the inside and translate...
     .. the source using a static translation to any
     .. the destination using a static translation to obj_inside_ip

Obviously, due to unidirectional, this NAT statement will not work when the request is initiated from the inside (obj_inside_ip).
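The matching breakdown D.Zeb gives in this last post, together with the section precedence and the bidirectional auto NAT alternative Sheraz describes earlier in the thread, as an added Python model that is not part of the thread and is not any Cisco tool. It assumes the object values from the thread's diagram (obj_inside_ip = 192.168.1.1, obj_outside_ip = 172.16.1.1) and the remote host 172.16.5.100 that D.Zeb tested from; the rule labels policy-unidirectional and auto-static are names chosen here. Only address matching and the forward/reverse direction logic are modelled; service objects, proxy ARP and route lookup are left out.

```python
"""Toy model of Cisco ASA NAT rule ordering and direction semantics.

Added example, not configuration or code from this thread or from Cisco.
It encodes the two rule forms the thread compares and evaluates constructed
packets against them.  Only address matching and the forward/reverse logic
are modelled; service objects, proxy ARP and route lookup are out of scope.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Network objects named in the thread; the host values come from its diagram.
OBJECTS = {
    "any": ip_network("0.0.0.0/0"),
    "obj_inside_ip": ip_network("192.168.1.1/32"),
    "obj_outside_ip": ip_network("172.16.1.1/32"),
}


@dataclass
class Packet:
    ingress: str  # nameif of the interface the packet arrives on
    src: str
    dst: str


@dataclass
class NatRule:
    """One NAT line in the ASA's normalised form.

    section: 1 = manual NAT, 2 = auto (object) NAT, 3 = manual NAT after-auto.
    The source pair is given real -> mapped and the destination pair
    mapped -> real, exactly as they appear on the ASA command line.
    """
    name: str
    section: int
    real_if: str
    mapped_if: str
    src_real: str
    src_mapped: str
    dst_mapped: str = "any"
    dst_real: str = "any"
    unidirectional: bool = False


def _matches(addr: str, obj: str) -> bool:
    return ip_address(addr) in OBJECTS[obj]


def _rewrite(addr: str, to_obj: str) -> str:
    """Static one-to-one rewrite; "any" is an identity translation."""
    if to_obj == "any":
        return addr
    return str(OBJECTS[to_obj].network_address)


def apply_nat(rules: list[NatRule], pkt: Packet) -> tuple[Optional[str], str, str]:
    """Return (matching rule name or None, translated src, translated dst).

    Rules are tried in section order (1, then 2, then 3), as the ASA does.
    """
    for rule in sorted(rules, key=lambda r: r.section):
        # Forward direction: the packet enters on the real interface.
        if (pkt.ingress == rule.real_if
                and _matches(pkt.src, rule.src_real)
                and _matches(pkt.dst, rule.dst_mapped)):
            return (rule.name,
                    _rewrite(pkt.src, rule.src_mapped),
                    _rewrite(pkt.dst, rule.dst_real))
        # Reverse direction: the packet enters on the mapped interface.
        # The ASA derives this automatically unless the rule is unidirectional.
        if (not rule.unidirectional
                and pkt.ingress == rule.mapped_if
                and _matches(pkt.src, rule.dst_real)
                and _matches(pkt.dst, rule.src_mapped)):
            return (rule.name,
                    _rewrite(pkt.src, rule.dst_mapped),
                    _rewrite(pkt.dst, rule.src_real))
    return None, pkt.src, pkt.dst  # untranslated; the ASA would just route it


# nat (outside,inside) after-auto source static any any
#     destination static obj_outside_ip obj_inside_ip unidirectional no-proxy-arp
POLICY_NAT = NatRule("policy-unidirectional", 3, "outside", "inside",
                     "any", "any", "obj_outside_ip", "obj_inside_ip",
                     unidirectional=True)

# object network obj_inside_ip / host 192.168.1.1 / nat (inside,outside) static 172.16.1.1
# Object NAT always lands in section 2.
AUTO_NAT = NatRule("auto-static", 2, "inside", "outside",
                   "obj_inside_ip", "obj_outside_ip")

# Constructed test traffic: the remote host from the thread talking to the
# server's outside address, and the server initiating outbound.
INBOUND = Packet("outside", "172.16.5.100", "172.16.1.1")
OUTBOUND = Packet("inside", "192.168.1.1", "172.16.5.100")


def compare() -> dict[str, tuple[Optional[str], str, str]]:
    """Evaluate both packets under each rule set the thread discusses."""
    return {
        "policy/inbound": apply_nat([POLICY_NAT], INBOUND),
        "policy/outbound": apply_nat([POLICY_NAT], OUTBOUND),
        "auto/inbound": apply_nat([AUTO_NAT], INBOUND),
        "auto/outbound": apply_nat([AUTO_NAT], OUTBOUND),
        # With both configured, section 2 wins over section 3 for the same flow.
        "both/inbound": apply_nat([POLICY_NAT, AUTO_NAT], INBOUND),
    }


if __name__ == "__main__":
    for label, (rule, src, dst) in compare().items():
        print(f"{label:16} rule={rule!s:24} {src} -> {dst}")
```

Running it reproduces the two behaviours the thread observed: under the unidirectional section 3 rule the inbound packet to 172.16.1.1 is delivered to 192.168.1.1 while the server's own outbound traffic leaves untranslated, whereas the object NAT rewrites both directions. With both rules present the section 2 rule is selected first for the same flow, which is the ordering point Sheraz raised.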
