I'm not talking about clearing the translations, but a "clear translation"...for example:

static (inside,DMZ) 10.1.25.0 10.1.25.0 netmask 255.255.255.0 0 0

The goal of this is to not have to do real NAT translations between the DMZ and the inside.

Hope that makes more sense.

Gotcha. The clear xlate in your title is what threw me off.

At any rate, you still have to do that on the ASA.

That's NOT correct. The answer is, like everything else in life, "it depends".

Let say you just use the ASA just like a router. In other words, there is no NAT between inside and outside and inside and dmz, your first option is this:

no nat-control (which is enabled by default on the ASA or Pix 7.x anyway

However, if you have something like this:

nat (inside) 1 0 0

global (outside) 1 interface

When you do this, you will immediately revert the ASA code, in term of NAT, back to the 6.3.x code. Therefore, if you want to go from inside to dmz, then what deyster94 stated is correct.

Confusing, isn't it?

Ok, well i still want my natting from Inside->Outisde and DMZ->Outside.

I'm looking for clear translations between the Inside->DMZ and i still want the firewalling in place Inside=100 DMZ=50.

Is this still accomplished with the static statements or is there a new way? the whole reason i ask is i'm using the GUI and don't see the way to do it. Unless i just feed it in Configuration->Nat->Add Address Translation Rule and pick "same address"?

yeah, i'm a command line guy at heart, but last time i tried an import from a newer pix into an ASA there were lines in CLI that i could never find displayed in ADSM. Now either I just could never find where they were displayed, or not all the commands were supported in ADSM yet.

either way, it made me a little hesitant in switching back and forth between CLI and the GUI. Since i've got to let others touch this firewall, we're going GUI :)

Thanks for the info!