The answer to your question is static translation (see point 2 below). The static cmd is used to map an outside address to the inside address, and you'll need an access-list (ACL) to allow the outside traffic into your inside network.
What sort of service are you trying to permit via your firewall? What PIX IOS are you running? If it's any of the following services then please use the ACLs below.
The best way to write the ACL would be in a text editor first, such as Notepad, and then copy and paste it back into the PIX config; make sure that you are in PIX config mode. Also, remember to save your config with cmd: wr m (write memory), and remember to place a no access-list outbound cmd as the first line of your modified ACL; this way, when you paste back the ACL, the old copy (if any) will be replaced correctly with the new copy of the ACL.
Use cmd clear xlate after you have made the modifications on your PIX.
The ACLs below are for www access, https access, pop3/smtp access and domain access; you can modify them for your own use.
If you need to let traffic back in then please follow the instructions on point 2 below.
1 - ACL for outbound connections:
access-list outbound remark www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https
access-list outbound remark email
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq smtp
access-list outbound remark ns
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain
access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain
access-group outbound in interface inside
If you use inside local servers (proxy, NS, SMTP), use only host addresses in these access-lists.
2 - SMTP
Don't forget to open an inbound connection for incoming emails on the outside interface.
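The advice above to use only host addresses when inside servers exist can be checked mechanically before an ACL is pasted into the PIX. The following is an added example, not part of the original post: a Python check over a PIX-style outbound ACL, where the server addresses 192.168.10.25 and 192.168.10.53, the sample ACL and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the outbound ACL from the post with one rule already host-scoped.
SAMPLE_ACL = """\
access-list outbound remark www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https
access-list outbound remark email
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq smtp
access-list outbound remark ns
access-list outbound permit tcp host 192.168.10.53 any eq domain
access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain
"""

# Assumption: hypothetical inside servers, keyed by the named port they own.
INSIDE_SERVERS = {"smtp": "192.168.10.25", "domain": "192.168.10.53"}

def parse_permit(line):
    """Return (proto, source_network, port) for 'permit ... any eq <port>' lines, else None."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "permit":
        return None
    proto, rest = tok[3], tok[4:]
    if rest[0] == "host":
        src, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
    elif rest[0] == "any":
        src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    else:  # "<network> <mask>" form, as used in the post
        src, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
    if len(rest) >= 3 and rest[0] == "any" and rest[1] == "eq":
        return proto, src, rest[2]
    return None

def audit(acl_text, servers):
    """Flag permits that open a server-owned port to anything but that server."""
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        rule = parse_permit(line)
        if rule is None or rule[2] not in servers:
            continue
        proto, src, port = rule
        if src != ipaddress.ip_network(servers[port] + "/32"):
            findings.append((n, proto, port, str(src)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL, INSIDE_SERVERS):
        print("line %d: %s/%s permitted from %s, expected server host only" % finding)
```

The check only understands named ports and the `any eq <port>` destination form shown in the post.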
I don't have any problem with what you have discussed above. My only concern, as I've posted in my original query, is the counterpart in PIX of the EXTENDABLE port option in the router. The router has the following command:
ip nat source static tcp 192.168.150.1 397 IP(public) 397 extendable