for outgoing NAT, use ip nat-inside on the vlan interface that the 192.168.1.100 address lives in
for incoming port nat on the trunk port, create an access-list with the desired rule, something like the below.
* note * do your own testing on this, the below is untested
ip access-list session nat_thing
any host 20.0.0.1 tcp 80 dst-nat 8010 ip 192.168.1.100
user any any permit
!
now go to the interface and apply the ACL
interface gigabitethernet 0/0/1
ip access-group nat_thing session
!
CLI commands to verify the behavior:
show datapath session | include 20.0.0.1,192.168.1.100
show acl hits
hth.