We currently have several offices internationally. Each office is considered an untrusted site, so we have firewalls between offices. Most of these firewalls started with PIX 6.3 but have been upgraded to 7.2. Many of the rules have been put in place to allow clients in offices to connect with specific servers in another office. Since these firewalls started on 6.3 code, we have NAT in place with an identity NAT for all traffic going over the firewall. We do not actually NAT to different IPs (all of this is on an internal network with private IPs). In order to access the servers, we have static NAT commands (and in some cases, static NATs for entire subnets). Now we need the ability to allow all clients to talk with all other clients on specific ports for a real-time communications program.
I am assuming the only two options we have are adding static NATs for all subnets in our networks, or issuing the "no nat-control" and disabling NAT altogether. Since we do not actually NAT to different IPs (all of this is on an internal network with private IPs), will we break anything by disabling NAT? I just hate to be the one pulling the trigger. Thank you for your help.