To forward a port to a device behind the firewall on your inside subnet, follow the steps below:
Using the ASDM, Add Network Object under the Configuration/Firewall/Objects/Network Objects/Groups settings.
Provide a Name, select Host and enter it’s IP Address.
Check the Add Automatic Address Translation Rules box.
Ensure the Type is Static.
Set the Translated Addr to outside.
Click on the Advanced… button.
Set the Source Interface to inside and the Destination Interface to outside.
Select the correct Protocol Service, then enter the correct Real Port and Mapped Port.
Add Access Rule under Configuration/Firewall/Access Rules.
Set the Interface to inside.
Set Action to Permit.
Set Source to any
Set Destination to the device you are forwarding the port to.
Set the Service to the Protocol/Port you are forwarding.
In the toolbar in the ASDM, select Wizards/VPN Wizards/Site-to-site VPN Wizard…
Step 1: Click Next on the Introduction screen.
Step 2: Enter the Peer IP Address for the remote site and ensure the VPN Access Interface is set to outside, click Next
Step 3: Browse the Local Network by clicking on the three … to the right of the Local Network field.
Select inside-network and click on the Local Network button, then click OK
Enter the Remote Network IP/Class for the remote subnet, Example(10.10.1.1/24) then click Next
Step 4: Select Simple Configuration, enter the Pre-shared Key and click Next
Step 5: Exempt the Inside interface by marking the box with a checkmark and click Next
Step 6: Review the configuration and click Finish if everything is correct, click Back to make any changes needed.
Uncheck IKEv2 Enabled checkbox, then click Edit on the Connection Profile you just created.
Verify the appropriate IKE Policy is used in the Ipsec Settings/IKE v1 Settings/Encryption Algorithms, if not, click Manage and Add it.
Click Apply, then Save