Im new here.... i have CCNA knowledge and im rather new to firewalls.
My new workplace has a 515 installed, so i started reading about PIXs to see whats going on !!!
in the configuration i have 'nherited' i have the following lines about NAT
global (outside) 1 interface
global (DMZ-Database) 1 interface
global (DMZ-App) 1 interface
nat (inside) 0 access-list IN-OUT-NONAT
nat (DMZ-Database) 0 access-list DMZ-DAT-NONAT
nat (DMZ-App) 0 access-list DMZ-APP-NONAT
From studying i realize that whoever did the conifuration used the NAT command and the identifier (0) to specify that he DOES NOT WANT NAT Translation ...RIGHT ???
Now, in his GLOBAL commands he specifies the outbound interfaces that have to use the interface IP Address ??? Am I correct ???
If i am correct in both cases then isnt this a clashing issue...
he first specifies that he does not wish any NAT translations, and then he specifies that the outbound traffic to (outside), (DMZ-Database),(DMZ-App) must use that interface's IP Address !!!!
Am i missing something here ???
Please note that all the access-lists which are used int eh NAT commands all specify PERMIT IP ANY ANY !!!!
Thanks in advance,