A router is being added to create somewhat of a DMZ to separate servers from workstations. Simplified network topology attached. The existing ASA now must NAT Internet traffic for 10.4.0.0 as well as the newly-created 220.127.116.11 subnet. It should be noted there are other subnets in the 10.x.x.x range hanging off the ASA.
Here are the NAT commands currently in FWL1:
global (outside) 1 18.104.22.168 netmask 255.255.255.224
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.4.0.0 255.255.0.0
Simple but possibly dumb question... Just add a NAT (inside) 1 10.2.0.0 255.255.0.0?