add 2nd public IP on pix 501

Start with

show access-group | include outside

This will show you an access-group command such as

access-group ACL_OUTSIDE_319 in interface outside

The word after the "access-group" is the name of an ACL that you will have to modify. Whatever ACL name it is, use that where I show ACL_OUTSIDE_319 below. Also, the public IP you want to use for the video server should be used where I put PUBLICIP below. (Note: the _319 is completely without meaning here: it's just an arbitrary name for the purpose of illustration.)

Now, configure the following in config terminal

static (inside,outside) PUBLICIP 192.168.20.20 netmask 255.255.255.255 access-list ACL_OUTSIDE_319 permit tcp any host PUBLICIP eq 100

If the video server uses UDP instead of TCP, change that line to udp .

I'm assuming here that you already have an access-group applied to your outside interface, as otherwise you wouldn't be able to have any incoming email and you wouldn't be able to run a web server inside. But if I'm misinterpreted, and your mail server is outside somewhere and you presently are not offering any services at all, then nothing will show up when you do the "show access-group". In that case, instead of worrying about using the same name, just use whatever meaningful name you want, such as:

access-list Out2In permit tcp any host PUBLICIP eq 100 static (inside,outside) PUBLICIP 192.168.20.20 netmask 255.255.255.255 access-grou Out2In in interface outside

Once you have made the above changes and tested it out, command

write memory

otherwise, the next time your PIX rebooted it would forget about the changes.