The problem is that when you using the public interface IP and port for the static mapping you can then no longer use it for access to the 3140 itself.
Your options are:
- Route a second public IP to a loopback address and statically destination NAT to the loopback for configuring your devices.
- Use port-translations so that a different public port maps to the inside device than is used for accessing the 3140.
ip access-list extended device-access
remark inside device access
permit tcp any host xx.xx.xx.58 eq 8080
interface gigabit-eth 0/1
ip address xx.xx.xx.58 255.255.255.252
ip access-policy Public
ip policy-class Public
nat destination list device-access address 10.30.30.10 port 80
Now pointing a browser to the public IP xx.xx.xx.58 on port 80 gets to the Adtran 3140 but pointing a browser to xx.xx.xx.58:8080 takes you to port 80 of the inside device. Obviously you can build multiple access-list and nat destination pairs for different services and inside IPs.
The Adtran firewall web GUI actually does a fairly decent job of this but you wind up with wacky names for the access-lists which makes for fun reading trying to decipher the config later.