ASA 8.2 OS and below
static (inside,outside) tcp 78.109.174.100 80 “your internal ip” 80
static (inside,outside) tcp 78.109.174.100 https “your internal ip” https
static (inside,outside) tcp 78.109.174.100 21 “your internal ip” 21
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq http
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq https
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq ftp
access-group OUTSIDE_TO_INSIDE in interface outside
ASA 8.3 OS and above
object network SERVER1
host x.x.x.x (internal server IP)
nat (dmz,outside) static PUBLIC_IP service tcp http http
object network SERVER2
host x.x.x.x
nat (dmz,outside) static PUBLIC_IP service tcp https https
object network SERVER3
host x.x.x.x
nat (dmz,outside) static PUBLIC_IP service tcp ftp ftp
object network PUBLIC_IP
host 78.109.174.100
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER1 eq http
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER2 eq https
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER3 eq ftp
access-group OUTSIDE_TO_INSIDE in interface OUTSIDE
****The ACL references the “internal ip address” and not the external as in older ASA OS.