I have to set up a site-to-site VPN, standard stuff really. However.... on my remote PIX I have been asked not to enable the NAT or Global commands.
The PIX has a 172.16.31.0 /29 address on its inside interface and a public IP address on it's outside interface. My crypto ACL's permit traffic from this LAN to a remote LAN. The PIX then tunnels the traffic to the remote firewall peer (another PIX).
Ordanarily I would have nonat statements in my config but not so in this case. The PIX will not provide any Internet connectivity, it is simply there to provide this 1 x VPN connection.
Is this valid. I aim to lab it up tomorrow but my curiosity is getting the better of me.