Hi there. You will need to configure three things:
1. Static PAT (NAT) that maps the public to private IP on the desired port. Here is a sample config:
object network CCTV
host 192.168.1.254
nat (inside,outside) static 1.1.1.1 service tcp 80 80
2. ACL that will allow traffic from our lower security level interface (for instance "outside") to a higher security level (for instance "inside")
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.254 eq 80
3. Apply the access-list to the "outside" interface:
access-group OUTSIDE_IN in interface outside
You can also use "packet-tracer" to confirm and troubleshoot this and any future configurations. Info on packet-tracer:
https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer
I hope this helps!
Thank you for rating helpful posts!