Hi. Is it true that i would need both an acl allowing packets from a lower security pix interface and a static nat in order to allow ip traffic to flow from a lower security interface to a higher security interface. The reason i am asking is that i am considering placing some basic servers in a dmz int of my pix with security level of 50. My internal network is within security 0. I want my internal network to access my dmz servers but using only acceptable ports which i will set using an acl going out the dmz interface. But i also need my active directory and other servers to update my workstations within the inside network.
Thanks in advance.