We have a nat 0 (inside) acl-nonat config statement that defines an acl to not nat internal 10 networks to specific external networks. In addition, we have remote VPN connections that terminate on the ASA5520, and we need to have the 10 networks at the remote sites not nat to external networks as well.
My questions are:
1) Can I set up a "nat 0 (outside) acl-nonatremote" command to nonat these remote users?
2) Can a nat 0 (inside) aclxx1 coexist with a nat 0 (outside) aclxx2?
3) Will implementing the nat 0 (outside) command cause an outage during the implementation or will it be a transparent change? (i.e. some NAT ACLs must be removed and reapplied to allow them to take effect in the correct order).
Any feedback would be appreciated.
Don't worry, you are on the right track. Just one more thing: if you have a "global (inside) 10", then you would need to add the inside subnet/network in the acl-remotenonat as destination.
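
An added illustration of the setup discussed in this thread (not from either poster), written in pre-8.3 ASA syntax. The 10.1.0.0/16 inside range, 10.2.0.0/16 remote VPN range and 192.0.2.0/24 external destination are constructed placeholder addresses; acl-nonatremote is the name from the question, which the reply calls acl-remotenonat.

```cisco
! Existing exemption: inside 10.x sources to the external networks (constructed addresses)
access-list acl-nonat extended permit ip 10.1.0.0 255.255.0.0 192.0.2.0 255.255.255.0
nat (inside) 0 access-list acl-nonat
!
! Separate exemption: remote VPN 10.x sources, which arrive on the outside interface
access-list acl-nonatremote extended permit ip 10.2.0.0 255.255.0.0 192.0.2.0 255.255.255.0
! Needed only when a "global (inside) 10" is configured: also exempt remote-to-inside traffic
access-list acl-nonatremote extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
! The trailing "outside" keyword marks this as NAT for traffic entering the lower-security interface
nat (outside) 0 access-list acl-nonatremote outside
!
! Checks after applying: both nat 0 lines present, ACL hit counts rising, no unexpected translations
show running-config nat
show access-list acl-nonatremote
show xlate
```

Keep each exemption ACL as narrow as the traffic it has to cover, since every entry is a flow that bypasses translation.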