i am working at a customer site whom has an ASA appliance on either side of their DMZ. The inside perimeter ASA is first in the path from the inside networks into the dmz. Then you cross the outside perimeter ASA to get to the Internet.
The inside perimeter ASA has an interesting configuration. I see static statements for networks (ex. static (inside,outside) 192.168.5.0 192.168.5.0 netmask 255.255.255.0) and then they also have (ex. global (outside) 1 172.16.1.4-
nat (inside) 1 192.168.5.0 255.255.255.0
Is this not redundant? Wont the static statement always override the dynamic global/nat combo? Is it safe to delete the dynamic NAT translations that are already represented on the ASA by static statements?