I have some questions about "nat" "global" config and static mapping.
If I have the following:
security level 100
security level 25
security level 50
security level 75
global (DMZ3) 1 interface
global (DMZ2) 1 interface
global (DMZ1) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (DMZ2,DMZ1) 192.168.2.1 192.168.2.1 netmask 255.255.255.255
static (DMZ3,DMZ1) 192.168.3.1 192.168.3.1 netmask 255.255.255.255
static (inside,DMZ1) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
static (inside,DMZ2) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
static (inside,DMZ3) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
Is the traffic flow for the "nat" "global" statement strictly for inside out?
For example, I am telling the ASA to allow any host on the inside interface to communicate with anything on the three different DMZ interfaces, and to use the IP address of the interface to do this communication.
If so, is this one-way, for traffic originating from the inside interface to the other interfaces?
Or are the static mappings I have here doing the same thing, but taking priority over the "nat" "global" statements?
That would mean that host 10.1.1.10 can communicate with any of the other three DMZ interfaces and will be seen as 10.1.1.10, and with this mapping alone, communication would be both ways (with an access-list from lower security to higher security interface).