andrius b.,
In the instructions on how to connect your controller to a cable modem here: http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Connect-your-Aruba-Controller-to-a-Cable-Modem/m-p/951/highlight/true#M64 there is an ACL that you put on the uplink of the controller to allow DHCP from the cable modem:
ip access-list session controller-uplink-acl
any any svc-dhcp permit
any any any deny
To do what you want, on a line right before the "any any any deny", you would put the line:
any host 45.24.65.122 tcp 18004 dst-nat ip 10.1.100.199 18004
The combined ACL would look like this:
ip access-list session controller-uplink-acl
any any svc-dhcp permit
any host 45.24.65.122 tcp 18004 dst-nat ip 10.1.100.199 18004
any any any deny
Then you would apply the "controller-uplink-acl" ACL to the uplink to your cable modem like this:
interface gigabitethernet 1/0
ip access-group controller-uplink-acl session
That is assuming that interface gigabitethernet 1/0 is your uplink.
Basically the destination-nat statement looks for any traffic going to the public address of 45.24.65.122 on tcp port 18004 and it rewrites it to go to 10.100.1.199 on port 18004. For the traffic to even hit the ACL, the controller needs to have the public ip address of 45.24.65.122, otherwise it will not be processed. In addition, the controller needs to be able to route the traffic to 10.100.1.199. It also needs to be able to return any traffic out to the internet to respond.