Good day everybody!
I am just asking about a possibility. My scenario is simple: 3 interfaces (inside, outside and dmz) and their security levels are 100, 0 and 50, respectively. Is there a way to route the traffic from inside to dmz (without changing the source IP address after it has passed through the firewall) while still allowing NAT between the inside and outside interfaces? If there is, could you please also post the necessary configuration here? Thank you!
Config looks fine to me, except for the stray "outside" on the end of "nat (inside) 0 access-list ACL_dmz". The "outside" keyword should be added if the interface with the nat statement is on a lower security level than the interface you identify by the matching global statement.
With OS v7.x or 8.x you could just turn off NAT for the whole firewall - "no nat-control". This means NAT is used if defined, else everything is assumed to be no-NAT.
Also with v7.x you could do a packet capture on the dmz interface to see what's happening.
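An added example, not part of the original thread: a pre-8.3 (7.x / 8.0-8.2) configuration sketch of the setup discussed above, with inside-to-dmz traffic exempted from NAT, inside-to-outside traffic still translated, and a capture on the dmz interface to confirm the source address is preserved. The subnets (192.168.1.0/24 for inside, 172.16.1.0/24 for dmz) and the names ACL_cap and CAP_dmz are assumptions made for illustration; only ACL_dmz comes from the thread.

```cisco
! Constructed addressing (assumption): inside 192.168.1.0/24, dmz 172.16.1.0/24
! Syntax is for ASA/PIX OS 7.x and 8.0-8.2, the versions the thread refers to

! 1. NAT exemption: inside -> dmz keeps its real source address
access-list ACL_dmz extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list ACL_dmz

! 2. Dynamic PAT: inside -> outside is still translated to the outside interface address
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! 3. Verification: capture both directions on the dmz interface
!    (ACL_cap and CAP_dmz are hypothetical names)
access-list ACL_cap extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list ACL_cap extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
capture CAP_dmz access-list ACL_cap interface dmz

! Generate traffic from an inside host to a dmz host, then inspect the capture.
! Packets should show 192.168.1.x as the source, not a translated address.
show capture CAP_dmz

! Remove the capture when finished so it stops consuming buffer memory
no capture CAP_dmz
```

The exemption ACL is matched before the dynamic `nat (inside) 1` rule, so the two statements coexist without the dmz flow being translated.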