I was wondering whether anyone could advise on best practices as to the best way to redirect multiple ports for a single host in the internal network.
As I understand it, you can only NAT a single port per object. This has caused a bit of litter in the config, as I have to specify individual objects for the same host (IP) to redirect individual ports.
It looks as follows:
object network ratatouille-4569
 nat (inside,outside) static interface service udp 4569 4569
object network ratatouille-ssh
 nat (inside,outside) static interface service tcp ssh ssh
Now this approach has a few obvious problems (especially if you have more complex/more rules), e.g. if you need to change that internal host's IP address, you have to do this for each object individually.
In this specific case, I have 7 ports to redirect to this specific host.
I'd appreciate any advice about best practice on how to do this.
It's impossible. You need to either specify each of the mapped ports manually or just set up a regular static NAT for all the TCP / UDP ports:
... and control desired ports with an ACL assigned to the outside interface:
access-list ratatouille-port-control permit tcp any host ratatouille.inside.IP eq 22
access-list ratatouille-port-control permit tcp any host ratatouille.inside.IP eq 4569
access-list ratatouille-port-control permit tcp any host ratatouille.inside.IP eq 8080
access-group ratatouille-port-control in interface outside
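With a one-to-one static NAT, the outside ACL is the only thing limiting which ports on the host are reachable, so it is worth checking the ACL against the list of services that are meant to be published. The following is an added example, not part of either post: a small Python check that compares per-port NAT lines with the permits in a named ACL, protocol included. The sample input is assembled from the lines quoted in this thread; the function names and the keyword-to-port map are assumptions of the example.

```python
import re

# Assumption: only these ASA service keywords occur; extend the map as needed.
PORT_NAMES = {"ssh": 22, "www": 80, "https": 443}

NAT_RE = re.compile(
    r"^\s*nat \(inside,outside\) static interface service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^\s*access-list (\S+) (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)")

def port(token):
    """Translate a service keyword or a numeric string into a port number."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def forwarded(config):
    """Return {(proto, real_port)} for every per-port static NAT line."""
    return {(m.group(1), port(m.group(2)))
            for line in config.splitlines() if (m := NAT_RE.match(line))}

def permitted(config, acl_name):
    """Return {(proto, port)} permitted to a host by the named ACL."""
    return {(m.group(2), port(m.group(4)))
            for line in config.splitlines()
            if (m := ACL_RE.match(line)) and m.group(1) == acl_name}

def audit(intended, config, acl_name):
    """Compare the intended services with what the ACL actually lets through."""
    allowed = permitted(config, acl_name)
    return {"blocked": sorted(intended - allowed),   # published but not permitted
            "exposed": sorted(allowed - intended)}   # permitted but not published

# Sample input assembled from the configuration lines quoted in the thread.
NAT_SAMPLE = """
object network ratatouille-4569
 nat (inside,outside) static interface service udp 4569 4569
object network ratatouille-ssh
 nat (inside,outside) static interface service tcp ssh ssh
"""
ACL_SAMPLE = """
access-list ratatouille-port-control permit tcp any host ratatouille.inside.IP eq 22
access-list ratatouille-port-control permit tcp any host ratatouille.inside.IP eq 4569
access-list ratatouille-port-control permit tcp any host ratatouille.inside.IP eq 8080
"""

if __name__ == "__main__":
    print(audit(forwarded(NAT_SAMPLE), ACL_SAMPLE, "ratatouille-port-control"))
```

Only the two NAT lines shown in the question are treated as intended services here, so ports that the thread does not list will appear under "exposed" until they are added to the intended set.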