It's a bit more than a quick command, this link has a pretty good breakdown of it
1. First things first, you will need to know what port you want to forward, and where you want to forward it, for this example We will assume I've got a server at 10.254.254.5 and It's a mail server so I want to Forward all TCP Port 80 traffic ( HTTP ) to it. connect to the Firewall via Console/Telnet or SSH.
Petes-ASA(config)# object network Internal_Web_Server
Petes-ASA(config-network-object)# host 10.254.254.5
5. Then create a NAT translation for the port to be forwarded. then you can exit the network object prompt.
Petes-ASA(config-network-object)# nat (inside,outside) static interface service tcp http http
6. Now you need to allow the http traffic in. Before you can
add an ACL you need to see if you already have one. We are applying an ACL to the outside interface for traffic going in (I call this inbound for obvious reasons). To see if you already have an ACL applied, issue the following command;
Petes-ASA# show run access-group
access-group inbound in interface outside
access-group outbound in interface inside
Note. In the example above we have an ACL called inbound that we MUST use. (If you added a new one, all the access list entries for the old one get 'Un-applied'). If yours has a different name (e.g. outside_access_in then use that instead of the ACL name I’m using here). If you DONT have an access-group entry for inbound traffic then we will do that at the end!
7. Then: Only carry out the following command if you DO NOT HAVE an ACL applied for incoming traffic.