ASA5505 & Cisco Router 3825 - Double NAT w/ Port Forward

[mob46x]

I have been brainstorming over this for a few days and need help. This is my Cisco LAB environment used for study but also in production for daily use. I am trying to setup a double-NAT network with just one IP from my ISP through the ASA & 3825 going to (2) end nodes and multiple ports for port forwarding. It is currently working but only as simple PAT and I cannot initiate FTP from the outside. I know some may suggest removing the router, but this is my study LAB and it's a bit unconventional for learning purposes. I attached the diagram and would really appreciate it if you could provide some pointers, tips, parts of the config. I have done quite a bit of reading on different forums but cannot seem to grasp the concept. Thank you…

 

[burtsbees]

Out of curiosity, why double NAT? One option may be Identity NAT in the ASA, then NAT in the router...

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY