For those who have worked with Cisco routers, setting up a Cisco ASA stateful policy is as simple as setting up an ACL. By default, the ASA drops any TCP connection that does not have a session record created by a SYN packet. As a result, the user does not need to set up an ACL for return traffic, as is required on routers.
In this example, 192.168.104.250/32 is the server in the DMZ, and a one-to-one NAT mapping is applied to incoming traffic so that internet users can access the HTTP service only.
The IP address of the firewall is 10.50.2.10/29, and we will map the server to another external IP address, 10.50.2.11.
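
One way to express the mapping and policy described above, as an added example that is not taken from the original post. It assumes ASA software 8.3 or later (object NAT, where the ACL references the server's real address) and interfaces named `outside` and `dmz`; the object name `DMZ-WEB`, the ACL name `OUTSIDE-IN`, and the test source address 203.0.113.10 are hypothetical.

```cisco
! Assumption: interfaces are already configured with nameif "outside"
! (10.50.2.10/29) and nameif "dmz". Names below are illustrative.

! One-to-one static NAT: real server 192.168.104.250 in the DMZ is
! presented on the outside as 10.50.2.11.
object network DMZ-WEB
 host 192.168.104.250
 nat (dmz,outside) static 10.50.2.11

! Permit only HTTP from the internet to the server. On 8.3 and later
! the ACL matches the real (untranslated) address, not 10.50.2.11.
access-list OUTSIDE-IN extended permit tcp any host 192.168.104.250 eq www

! Bind the ACL to inbound traffic on the outside interface. Anything
! not permitted here is dropped by the implicit deny at the end.
access-group OUTSIDE-IN in interface outside

! No ACL entry is needed for the server's replies: the SYN that matched
! the permit created a connection entry, and return packets are matched
! against that entry.

! Verification (run from privileged EXEC):
!   show xlate                 - confirm the static translation exists
!   show conn                  - list connection entries in the state table
!   show access-list OUTSIDE-IN - check hit counts on the permit line
!   packet-tracer input outside tcp 203.0.113.10 12345 10.50.2.11 80
!     (constructed source address; should show ALLOW)
!   packet-tracer input outside tcp 203.0.113.10 12345 10.50.2.11 22
!     (same source, non-HTTP port; should show DROP by access list)
```

On releases earlier than 8.3 the NAT syntax differs and the ACL matches the mapped address instead, so check the software version before applying this form.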