I'm guessing you are looking to forward inbound traffic to internal hosts? If so, you could configure either a VIP or MIP. If you use a VIP (many to one NAT), you could map a single IP to different ports to the same internal host. If you use a MIP, you can map an external IP to an internal IP (one to one). Once you setup the MIP/VIP, you can create a Policy from Untrust to Trust. Just make sure you have the correct address and service objects defined. Let me know.