
Configuring static NAT

ADI.07
Level 1

Hello Everyone

 

I'm new to working in a Cisco environment. Recently I configured a Cisco router for a customer: I configured NAT outside on the uplink interface, which is coming from the ISP, and NAT inside on the LAN interface with IP address 192.168.1.1.

Recently I got a request from that customer that he needs to access his web server from the outside, and he provided me some information to configure on the router. As this is the first time I have received such a request, please let me know how I can successfully configure this to work. Below is the information provided by the customer; it is not very clear to me.

 

Customer needs to configure NAT inside to outside as per the guide below:

 

nat (inside,outside) 1 source static 192.168.1.96-89.xxx.xxx.133 

access-list outside-acl extended permit tcp any host 192.168.1.96 eq 443 

 

 

 

 

 

 

 

 

5 Replies

balaji.bandi
Hall of Fame

If it is an IOS router, you can use a simple command for static NAT:

 

ip nat inside source static tcp Private-IP 443 Public-IP 443 extendable

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, it's an IOS router. So that's all that is required to make this work? What about the access list which the customer described, and is there any need to apply the access list to an interface, inbound or outbound?

 

The command I have provided is for incoming traffic from outside to inside.

 

I was under the impression that inside to outside is already working. If that is not the case, please provide the complete configuration so we can suggest better after reviewing the config.

 

BB


Uplink coming from ISP 

 

interface GigabitEthernet0/0.304
description UPLINK-DIA
encapsulation dot1Q 304
ip vrf forwarding DIA
ip address 89.xxx.xxx.130  255.255.255.252
ip nat outside
ip virtual-reassembly in

______________________________________________________

 

Downlink going to customer LAN

interface GigabitEthernet0/2
description DIA-DOWN-LINk
ip vrf forwarding DIA
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto

 

Customer request: needs to configure NAT inside to outside as per the guide below

nat (inside,outside) 1 source static 192.168.1.96-89.xxx.xxx.133 

access-list outside-acl extended permit tcp any host 192.168.1.96 eq 443 

Hi,

 

   This "nat (inside,outside) 1 source static 192.168.1.96-89.xxx.xxx.133 " is a static NAT, and on the ASA you had to explicitly allow traffic to flow from low-security to high-security via an ACL.

  On the IOS, as long as you don't run ZBFW, which you don't, traffic is allowed by default. So with the presented configuration you only need what was specified above:

 

     ip nat inside source static tcp 192.168.1.96 443 89.xxx.xxx.133 443

 

Regards,

Cristian Matei.
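
An added example, not part of any post above: a small Python audit that lists the static NAT entries in an IOS configuration and reports whether any `ip nat outside` interface lacks an inbound `ip access-group`, which is the question raised in this thread. The sample configuration is constructed, with 203.0.113.x standing in for the redacted public addresses, and the function names are hypothetical.

```python
import re

IP = r"(\d+(?:\.\d+){3})"
PORT_FWD = re.compile(rf"ip nat inside source static (tcp|udp) {IP} (\d+) {IP} (\d+)")
HOST_NAT = re.compile(rf"ip nat inside source static {IP} {IP}")
ACL_IN = re.compile(r"ip access-group (\S+) in")

# Constructed sample modeled on the interfaces posted in the thread;
# 203.0.113.x (documentation range) stands in for the redacted public IPs.
SAMPLE = """\
interface GigabitEthernet0/0.304
 ip address 203.0.113.130 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 192.168.1.96 443 203.0.113.133 443 extendable
"""

def audit(config):
    """Return (exposures, outside): static NAT entries, and each
    'ip nat outside' interface mapped to its inbound ACL name (or None)."""
    exposures, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], {"outside": False, "acl": None})
        elif line == "!":
            cur = None  # end of the interface block
        elif cur is not None and line == "ip nat outside":
            cur["outside"] = True
        elif cur is not None and (m := ACL_IN.fullmatch(line)):
            cur["acl"] = m.group(1)
        elif m := PORT_FWD.match(line):
            proto, local, _lport, public, gport = m.groups()
            exposures.append((public, f"{proto}/{gport}", local))
        elif m := HOST_NAT.match(line):  # whole-host static: every port is translated
            exposures.append((m.group(2), "all ports", m.group(1)))
    return exposures, {n: d["acl"] for n, d in ifaces.items() if d["outside"]}

def findings(config):
    """One line per static NAT entry, noting outside interfaces with no inbound ACL."""
    exposures, outside = audit(config)
    open_ifs = sorted(n for n, acl in outside.items() if acl is None)
    note = f"no inbound ACL on {', '.join(open_ifs)}" if open_ifs else "inbound ACL applied"
    return [f"{pub} {scope} -> {local}: {note}" for pub, scope, local in exposures]

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

A port-specific static entry exposes only the listed port, while a whole-host static entry translates every port and is the case where an inbound ACL matters most. On IOS an inbound ACL on the outside interface is evaluated before the translation, so it matches the public address rather than 192.168.1.96.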

 
