ASA Config Notes
External Object
object network ip-5.2.2.1-label host 5.2.2.1
Internal Object with 1:1 NAT Mapping
object network ip-10.10.10.2 host 10.10.10.2 nat (inside,outside) static ip-5.2.2.1-label
Internal Object with Port Forwarding
object network ip-10.10.10.2 host 10.10.10.2 nat (inside,outside) static ip-5.2.2.1-label service tcp 8080 80 * Internal port then External port *
Permit Traffic
access-list inbound permit tcp any host 10.10.10.2 access-group inbound in interface outside * See Sources #2 *
For blocks of IPs that are not assigned to an interface you need the following:
arp permit-nonconnected
object network <object name> host <ip address of host> nat (lan_colo,outside) static interface service tcp <server port> <externally facing port> access-list <rule name> extended permit tcp any object <object name> eq 3389 access-group <rule name> in interface <name if (outside)>