If we do not configure any static NAT in ASA but allow the access by access-lists does it work?
static(inside,outside) a.b.c.d a.b.c.d packet will exit without any change in IP address. Corresponding access-lists are cconfigured on the interfaces.
If we do not configure static in ASA and if proper routing is configured on ASA and also access-lists are configured on ASA , can the packet cross ASA?
What if the case is of PIX and not ASA?
Appreciate your help.
Thanks in advance
PIX and ASA works exactly in the same way.
From your description, here are a couple of scenario for consideration:
1) If the traffic is initiated from inside towards outside, you do not need to configure static NAT statement IF you have the following:
++ "no nat-control" configured
++ and there are no NAT statement configured on the inside interface at all.
If the above statement matches, then you only need ACL to allow outbound traffic.
2) If the traffic is initiated from inside towards outside, however, one or both of the above points do not match (ie: you either have "nat-control" configured, or you have 1 NAT statement configured on the inside interface), then you would need to configure the static statement as stated.
3) If the traffic is initiated from outside towards inside, then you would need to configure static NAT statement.
Hope that helps.