Hi all. My office is using cisco asa 5510 as firewall and is connected to
office/dmz/internet networks. I allow my office network traffic to access dmz network but deny vice versa. To allow my office network to access dmz network i can either do NAT or NAT exemption. Using NAT would conceal my office PCs ip when they access dmz as they will be translated to a dmz ip. But it would be tough for me to do traffic monitoring in dmz as they are to many NAT done. Hence i would like to know what is the industry practise? NAT or NAT exemption? Pls advise. Thks in advance.