switching a PIX to "no nat control"

We have a PIX 515e running 7.0. It's working great, but the powers that be are forcing me to turn off NAT, as in "not my decision".

So the simplest way to achieve this is to put in the line:

no nat-control

Let's say I do this. I have a few questions on how this will affect our site.

1) I assume the ASA inspection engine will still behave pretty much as before, other than using NAT translations? -- That is, stateful connections to lower security interfaces will still be permitted, as before, but connections initiated to higher security interfaces will be blocked as before?

2) Given that the above is more or less true, does the way to allow a connection from a lower to higher security interface still follow the general form of:

a) static (inside,outside) ip_address ip_address netmask x.x.x.x
b) an entry in the relevant access-list to permit this particular type of connection.

That is to say, the biggest change I'll see is that connections to the outside don't appear to have the source address of my PIX's outside address.

Thanks in advance for any help.

B Squared


When you disable nat-control then you don't need statics anymore (I'm not even sure if you *can* configure statics .. I'd have to check). Just the acl is fine.

Chris.
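
The ACL-only setup described in the reply above, as an added example that is not from either poster. The ACL name outside_in, the interface name outside, the web service and the address 192.0.2.10 are assumptions chosen for illustration.

```text
! Constructed example for PIX/ASA 7.x; names and addresses are placeholders.
! 192.0.2.10 stands in for an inside host whose real address is routable
! from the outside network, since nothing is translated any more.
no nat-control
!
! Connections initiated from a lower to a higher security interface are
! still denied unless an ACL on the lower-security interface permits them.
! Keep the permit as narrow as the service requires.
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside
!
! Checks after the change:
show running-config nat-control
show access-list outside_in
show xlate
```

With translation off, inside addresses are exposed as-is, so the ACL applied to the outside interface is the only thing limiting which inside hosts are reachable from outside.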
