The most secure way to do it is to allow only the vendor's source IP address.
E.g.
Outside Vendor Public IP: 10.10.10.100
Inside Gateway Local IP : 20.20.20.100
Public IP for Gateway : 30.30.30.100
TCP services, TCP port 4, and/or UDP 4
Create a static NAT for your local system IP and assign the public IP of 30.30.30.100:
static (inside,outside) 30.30.30.100 20.20.20.100 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp host 10.10.10.100 host 30.30.30.100 eq 4
access-list outside_access_in permit udp host 10.10.10.100 host 30.30.30.100 eq 4
access-group outside_access_in in interface outside
Rgds
Jorge
Jorge Rodriguez
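
An added example, not part of Jorge's post: a small Python check that parses access-list lines like the ones above, evaluates sample packets with first-match and implicit-deny semantics, and flags permit rules whose source is `any`. The `constructed_open` ACL, the test packets and all function names are assumptions made for illustration; only numeric `eq` ports are handled.

```python
import ipaddress

# ACL from the post, plus one constructed "too open" rule for contrast.
ACL = """\
access-list outside_access_in permit tcp host 10.10.10.100 host 30.30.30.100 eq 4
access-list outside_access_in permit udp host 10.10.10.100 host 30.30.30.100 eq 4
access-list constructed_open permit tcp any host 30.30.30.100 eq 4
"""

def _addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tok.pop(0), strict=False)

def parse_acl(text):
    """Return {acl_name: [rule, ...]} for simple permit/deny lines."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        name, action, proto = tok[1], tok[2], tok[3]
        rest = tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None  # None = any port
        acls.setdefault(name, []).append((action, proto, src, dst, port))
    return acls

def permitted(rules, proto, src, dst, port):
    """First match wins; a packet matching no rule hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in (proto, "ip") and src in r_src and dst in r_dst
                and r_port in (None, port)):
            return action == "permit"
    return False

def open_sources(rules):
    """Permit rules that accept traffic from any source address."""
    return [r for r in rules if r[0] == "permit" and r[2].prefixlen == 0]
```

The destination is matched against the public (translated) address, as in the access-list lines of the post.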