Hi,
You can get this done via MIP or VIP.
On you Vendor side interface, create a MIP - 192.168.10.10, mapped to 172.16.10.10. Then create a policy, from Vendor zone to server zone, from any source (or specify the source IPs), to MIP (192.168.10.10), Any service (or specify what you want to allow) and selce Action - permit.
Any traffic reaching the firewall from Vendor side and destination IP = 192.168.10.10 will be translated and sent to the server.