Hi,
By default, PIX deny any inbound access, except if permitted via ACL.
The rules to allow outside to access inside host/server is to use ACL to allow permitted services for inbound connection, static address mapping of internal server to external/public IP (assigned by ISP) and to have proper routing to external/internet.
In your case, you need to map your internal server, e.g 10.1.1.10 to a public IP, x.x.x.10 using static command, as follow:
static (inside,outside) x.x.x.10 10.1.1.10 netmask 255.255.255.255 a b
a-maximum connection allowed (optional, default 0)
b-embryonic (half-open) level (optional, default 0)
#Then, open access-list to only allow specific type of TCP/UDP services, e.g DNS (UDP 53), and deny others.
access-list outside permit udp any host x.x.x.10 eq 53
access-list outside deny ip any any
#Bind the ACL to the outside interface:
access-group outside in interface outside
#Define/verify routing:
route outside 0.0.0.0 0.0.0.0 x.x.x.1
*x.x.x.1 is the IP of the internet gateway
Static Map and Config guide:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml
*Look under "Using ACLs on PIX Versions 5.0.1 and Later"
PIX Config guide:
a.http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html
b.http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html
Rgds,
AK