Hi,
As stated in the ScreenOS documentation (sorry for a lengthy citation):
"Mapped IP (MIP) is a direct one-to-one mapping of one IP address to another. The
security device forwards incoming traffic destined for a MIP to the host with the
address to which the MIP points. Essentially, a MIP is static destination address
translation, mapping the destination IP address in an IP packet header to another
static IP address. When a MIP host initiates outbound traffic, the security device
translates the source IP address of the host to that of the MIP address. This
bidirectional translation symmetry differs from the behavior of source and destination
address translation"
Besides, the MIP overrides the policy based src-NAT. So, if you configure a Trust-to-Untrust policy and enable a src-NAT to a DIP or to the egress interface IP, all mipped hosts will be src-natted to their MIP IPs while all other hosts will be src-natted as configured in the policy.
You will never get problems with authentication because all IP mappings are persistent.
The logs on your authentication device are useless if IP mappings change permanently. With MIPs you know always exactly who is/was doing what.