And of course your normal access-list bound to the outside interface for the permitted protocols to your server, but I guess you have that already.
The trick here is, as you can see, to put the normally used nat and global commands on it, and also the normally used static command, but, in addition to that, you have to prevent the returning traffic from your server from being natted by the nat and global commands. That is where the nat 0 with access-list nonat kicks in; this will prevent returning traffic from being dynamically translated (nat 0 is no translation), but since there is also a static translation in place, translation does occur, since there is an entry in the xlate table for every static used.
This will do the trick. I hope this makes sense to you. Otherwise do not hesitate to ask :-)))