Currently, we have a number of VPN's set up with various clients.  We are NAT'ing their range to a /24 in our network to keep routing simple, but we are looking to Source NAT our resources due to security concerns.  This is an example of a current VPN we have configured:

crypto map outside_map 5 match address SAMPLE_cryptomap

crypto map outside_map 5 set peer 99.99.99.99

crypto map outside_map 5 set ikev1 transform-set ESP-3DES-SHA ESP-3DES-MD5

crypto map outside_map 5 set reverse-route

access-list SAMPLE_cryptomap extended permit ip object-group APP_CLIENT_Hosts object-group CLIENT_Hosts

nat (inside,outside) source static APP_CLIENT_Hosts APP_CLIENT_Hosts destination static CLIENT_Host_1_NAT CLIENT_Host_1 no-proxy-arp route-lookup

nat (inside,outside) source static APP_CLIENT_Hosts APP_CLIENT_Hosts destination static CLIENT_Host_2_NAT CLIENT_Host_2 no-proxy-arp route-lookup

nat (inside,outside) source static APP_CLIENT_Hosts APP_CLIENT_Hosts destination static CLIENT_Host_3_NAT CLIENT_Host_3 no-proxy-arp route-lookup

object-group network APP_CLIENT_Hosts

network-object object SITE1_APP_JCAPS_Dev_VIP

network-object object SITE1_APP_JCAPS_Prod_VIP

network-object object SITE2_APP_JCAPS_Dev_Host

network-object object SITE2_APP_JCAPS_Prod_VIP

network-object object SITE1_APP_PACS_Primary

object network SITE1_APP_JCAPS_Dev_VIP

host 10.200.125.32

object network SITE1_APP_JCAPS_Prod_VIP

host 10.200.120.32

object network SITE2_APP_JCAPS_Dev_Host

host 10.30.15.30

object network SITE2_APP_JCAPS_Prod_VIP

host 10.30.10.32

object network SITE1_APP_PACS_Primary

host 10.200.10.75

object network CLIENT_Host_1

network-object host 192.168.15.100

object network CLIENT_Host_2

network-object host 192.168.15.130

object network CLIENT_Host_3

network-object host 192.168.15.15

object network CLIENT_Host_1_NAT

  network-object host 10.200.192.31

object network CLIENT_Host_2_NAT

  network-object host 10.200.192.32

object network CLIENT_Host_3_NAT

  network-object host 10.200.192.33

My question revolves around the configuration of the Source NAT.  If I understand it correctly, I am going to have to configure 3 NAT statements per Source NAT since there are three different destinations that are being NAT'ed.  I believe I would need to add this:

object network SITE1_APP_JCAPS_Dev_VIP_NAT

host 88.88.88.81

object network SITE1_APP_JCAPS_Prod_VIP_NAT

host 88.88.88.82

object network SITE2_APP_JCAPS_Dev_Host_NAT

host 88.88.88.83

object network SITE2_APP_JCAPS_Prod_VIP_NAT

host 88.88.88.84

object network SITE1_APP_PACS_Primary_NAT

host 88.88.88.85

nat (inside,outside) source static SITE1_APP_JCAPS_Dev_VIP SITE1_APP_JCAPS_Dev_VIP_NAT destination static CLIENT_Host_1_NAT CLIENT_Host_1 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_JCAPS_Dev_VIP SITE1_APP_JCAPS_Dev_VIP_NAT destination static CLIENT_Host_2_NAT CLIENT_Host_2 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_JCAPS_Dev_VIP SITE1_APP_JCAPS_Dev_VIP_NAT destination static CLIENT_Host_3_NAT CLIENT_Host_3 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_JCAPS_Prod_VIP SITE1_APP_JCAPS_Prod_VIP_NAT destination static CLIENT_Host_1_NAT CLIENT_Host_1 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_JCAPS_Prod_VIP SITE1_APP_JCAPS_Prod_VIP_NAT destination static CLIENT_Host_2_NAT CLIENT_Host_2 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_JCAPS_Prod_VIP SITE1_APP_JCAPS_Prod_VIP_NAT destination static CLIENT_Host_3_NAT CLIENT_Host_3 no-proxy-arp route-lookup

nat (inside,outside) source static SITE2_APP_JCAPS_Dev_Host SITE2_APP_JCAPS_Dev_Host_NAT destination static CLIENT_Host_1_NAT CLIENT_Host_1 no-proxy-arp route-lookup

nat (inside,outside) source static SITE2_APP_JCAPS_Dev_Host SITE2_APP_JCAPS_Dev_Host_NAT destination static CLIENT_Host_2_NAT CLIENT_Host_2 no-proxy-arp route-lookup

nat (inside,outside) source static SITE2_APP_JCAPS_Dev_Host SITE2_APP_JCAPS_Dev_Host_NAT destination static CLIENT_Host_3_NAT CLIENT_Host_3 no-proxy-arp route-lookup

nat (inside,outside) source static SITE2_APP_JCAPS_Prod_VIP SITE2_APP_JCAPS_Prod_VIP_NAT destination static CLIENT_Host_1_NAT CLIENT_Host_1 no-proxy-arp route-lookup

nat (inside,outside) source static SITE2_APP_JCAPS_Prod_VIP SITE2_APP_JCAPS_Prod_VIP_NAT destination static CLIENT_Host_2_NAT CLIENT_Host_2 no-proxy-arp route-lookup

nat (inside,outside) source static SITE2_APP_JCAPS_Prod_VIP SITE2_APP_JCAPS_Prod_VIP_NAT destination static CLIENT_Host_3_NAT CLIENT_Host_3 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_PACS_Primary SITE1_APP_PACS_Primary_NAT destination static CLIENT_Host_1_NAT CLIENT_Host_1 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_PACS_Primary SITE1_APP_PACS_Primary_NAT destination static CLIENT_Host_2_NAT CLIENT_Host_2 no-proxy-arp route-lookup

nat (inside,outside) source static SITE1_APP_PACS_Primary SITE1_APP_PACS_Primary_NAT destination static CLIENT_Host_3_NAT CLIENT_Host_3 no-proxy-arp route-lookup

Is that correct, or is there an easier way to do it without having to add all the NAT statements?  Also,would any changes need to be made on the access-list?