We currently have a customer connecting to one of our sites via VPN tunnel.
The Crypto ACL is configured for an internal subnet on our side.
The customer has requested access to a couple of servers in a DMZ, but wants to access the servers via the same subnet as the internal subnet on our side.
I believe this can be done with a twice NAT config, but the ASA also has a static one-to-one NAT of these hosts to a public IP address.
I am wondering whether, since the twice NAT is translating to a specific destination subnet on their end, placing the twice NAT above the one-to-one NAT to the public IP address will cause a problem with the one-to-one NAT and cause it to not translate traffic. Here is what I am thinking:
!
object network E_NAT
 host 10.9.0.71
!
object network Expressway-E_NAT
 host 10.9.9.73
!
nat (DMZ,Internet) 1 source static E_Normal E_NAT destination static CBTS CBTS route-lookup
!
nat (DMZ,Internet) 1 source static Expressway-E Expressway-E_NAT destination static CBTS CBTS route-lookup
!
There is also a static one-to-one NAT translation from the DMZ to the Internet interface. My question is: since the lines added are first and apply to a specific destination (CBTS), will the below lines still be doing the static one-to-one translation, or will the twice NAT translation cancel out the below translations?
object network E_Normal
 nat (DMZ,Internet) static E-Public
object network E_Normal
 host 192.168.100.14
object network E-Public
 host 1.2.8.123
nat (DMZ,Internet) source static Expressway-E-private Expressway-E-Public
object network Expressway-E-private
 host 192.168.100.8
object network Expressway-E-Public
 host 1.2.8.125
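
Added example (not part of the original post, and not Cisco code): a simplified Python model of ASA first-match NAT evaluation, with manual/twice NAT (section 1) checked in configured order before object NAT (section 2), applied to the rules above. Assumptions: the CBTS subnet 172.16.50.0/24 is a constructed placeholder because the post does not give it, and Expressway-E is taken to be the same host as Expressway-E-private.

```python
import ipaddress as ip

# Constructed placeholder: the customer's (CBTS) subnet is not given in the post.
CBTS = ip.ip_network("172.16.50.0/24")
ANY = ip.ip_network("0.0.0.0/0")

# (section, name, real source, mapped source, destination the rule is limited to)
# Section 1 = manual/twice NAT in configured order, section 2 = object (auto) NAT.
# Assumption: Expressway-E is the same host as Expressway-E-private.
RULES = [
    (1, "twice NAT E_Normal -> E_NAT (dst CBTS)", "192.168.100.14", "10.9.0.71", CBTS),
    (1, "twice NAT Expressway-E -> Expressway-E_NAT (dst CBTS)", "192.168.100.8", "10.9.9.73", CBTS),
    (1, "manual static Expressway-E-private -> Expressway-E-Public", "192.168.100.8", "1.2.8.125", ANY),
    (2, "object NAT E_Normal -> E-Public", "192.168.100.14", "1.2.8.123", ANY),
]

def _ordered():
    # Stable sort keeps the configured order inside each section.
    return sorted(RULES, key=lambda r: r[0])

def translate_outbound(src, dst):
    """DMZ -> Internet: (mapped source, rule name) of the first rule that matches."""
    for _, name, real, mapped, dest in _ordered():
        # A twice NAT rule matches only when source AND destination both match.
        if src == real and ip.ip_address(dst) in dest:
            return mapped, name
    return src, "no NAT rule matched"

def untranslate_inbound(src, dst):
    """Internet -> DMZ: (real destination, rule name) of the first rule that matches."""
    for _, name, real, mapped, dest in _ordered():
        if dst == mapped and ip.ip_address(src) in dest:
            return real, name
    return dst, "no NAT rule matched"

if __name__ == "__main__":
    flows = [("192.168.100.14", "172.16.50.10"), ("192.168.100.14", "8.8.8.8"),
             ("192.168.100.8", "172.16.50.10"), ("192.168.100.8", "8.8.8.8")]
    for src, dst in flows:
        print(src, "->", dst, translate_outbound(src, dst))
    print(untranslate_inbound("203.0.113.5", "1.2.8.123"))
    print(untranslate_inbound("172.16.50.10", "10.9.0.71"))
```

In this model, only flows whose destination falls inside CBTS hit the twice NAT rules; every other flow falls through to the existing one-to-one translations. On the ASA itself, `packet-tracer` and `show nat detail` show which rule a given flow actually hits.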