One of the basic questions that every administrator have is about configuring static NAT for the services they provide for their customers (mail/web/application/VoIP etc). I have myself answered this question a lot of times in Experts-Exchange. So here is the standard configuration;

Cisco PIX Firewall :

static (inside,outside) <PublicIP> <Private IP> netmask 255.255.255.255

access-list <Name> permit <Protocol> any host <PublicIP> eq <service>

access-group <Name> in interface outside

So using the above if I want to allow web server access, the configuration would be as below; Assuming Public IP = 11.12.13.14 and Private IP = 10.10.10.10

static (inside,outside) 11.12.13.14 10.10.10.10 netmask 255.255.255.255

access-list Outside_In permit tcp any host 11.12.13.14 eq 80

access-group Outside_In in interface outside