Trying to get my ASA 5505 to route between outside, dmz and inside without using NAT, as all networks are internal. With NAT it works perfectly, but when removing the nat rule of inside, the inside network can't reach the internet (nor the /24 on the outside interface).
Outside: dhcp (on 10.10.10.0/24)
When: no nat (inside) 1 0.0.0.0 0.0.0.0, then all outbound connection attempts time out. All I see in the ASDM log is:
6|Sep 07 2010|11:22:46|302013|100.112.31.20|192.168.0.2|Built outbound TCP connection 527 for outside:100.112.31.20/80 (100.112.31.20/80) to inside:192.168.0.2/2710 (192.168.0.2/2710)
3|Sep 07 2010|11:22:46|106100|192.168.0.2|100.112.31.20|access-list outside_access_out permitted tcp inside/192.168.0.2(2710) -> outside/100.112.31.20(80) hit-cnt 1 first hit [0x3bdfb084, 0x0]
6|Sep 07 2010|11:22:42|302014|100.112.31.20|192.168.0.2|Teardown TCP connection 524 for outside:100.112.31.20/80 to inside:192.168.0.2/2709 duration 0:00:30 bytes 0 SYN Timeout
Yes, if the other firewall is performing the NAT, then you would need to make sure that you have routes for each of the internal networks pointing back towards the internal ASA outside interface ip address. Otherwise, the external ASA would not know how to route back towards the internal subnets. The reason why it works when you NAT the traffic to the internal ASA outside interface IP is because the internal ASA outside interface would be in the same subnet as the external ASA inside interface, hence, no routing is required.
Hope that makes sense.
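The answer's point is that the failure is a return-routing problem, not a filtering one: the log already shows the SYN permitted and a connection built, and the "SYN Timeout" teardown means the SYN-ACK never came back. The script below, added here as an example and not part of the thread, walks the external ASA's longest-prefix-match lookup for the reply packet in the three situations the thread describes (NAT on; NAT off with no static route; NAT off with the static route the answer calls for). The 192.168.0.0/24 inside LAN and the 10.10.10.0/24 link subnet come from the thread; the internal ASA's outside address 10.10.10.50, the external ASA's "inside" interface name and the ISP next hop 203.0.113.1 are constructed placeholders.

```python
import ipaddress

# Constructed topology for this example (assumptions, except the 192.168.0.0/24
# inside LAN and the 10.10.10.0/24 link subnet, which appear in the thread):
#   external ASA "inside" interface ......... 10.10.10.1
#   internal ASA "outside" interface ........ 10.10.10.50 (placeholder for its DHCP lease)
#   internal ASA inside LAN ................. 192.168.0.0/24
#   external ASA upstream / ISP next hop .... 203.0.113.1 (RFC 5737 documentation space)
INTERNAL_ASA_OUTSIDE = "10.10.10.50"
ISP_NEXT_HOP = "203.0.113.1"

# External ASA routing table before the fix: the two link subnets plus a default route to the ISP.
ROUTES_WITHOUT_STATIC = [
    ("10.10.10.0/24", "connected"),
    ("203.0.113.0/24", "connected"),
    ("0.0.0.0/0", ISP_NEXT_HOP),
]

# Same table after adding the static route the answer describes.
ROUTES_WITH_STATIC = ROUTES_WITHOUT_STATIC + [("192.168.0.0/24", INTERNAL_ASA_OUTSIDE)]


def lookup(routes, destination):
    """Longest-prefix match. Returns the next hop, 'connected' for an on-link
    destination, or None when no route (not even a default) matches."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def return_path(routes, client_ip, nat_ip=None):
    """Where the external ASA forwards the SYN-ACK for a connection that arrived
    from client_ip. If the internal ASA translated the client, the reply is
    addressed to nat_ip instead. Returns one of:
      'internal-asa' - reply goes back to the internal ASA (connection works)
      'isp'          - reply leaks upstream via the default route (SYN timeout)
      'other-host'   - reply goes somewhere else on a directly connected link
      'none'         - no route at all (dropped)
    """
    reply_dst = nat_ip or client_ip
    hop = lookup(routes, reply_dst)
    if hop is None:
        return "none"
    if hop == "connected":
        # On-link delivery only helps when the reply is addressed to the internal ASA itself,
        # which is exactly what NAT to its outside interface achieves.
        return "internal-asa" if reply_dst == INTERNAL_ASA_OUTSIDE else "other-host"
    if hop == INTERNAL_ASA_OUTSIDE:
        return "internal-asa"
    if hop == ISP_NEXT_HOP:
        return "isp"
    return "other-host"


def static_route_command(interface, prefix, next_hop):
    """Build the ASA 'route <interface> <network> <mask> <gateway>' command for the
    missing return route on the external ASA."""
    net = ipaddress.ip_network(prefix)
    return f"route {interface} {net.network_address} {net.netmask} {next_hop}"


if __name__ == "__main__":
    client = "192.168.0.2"  # the inside host from the thread's log lines
    print("NAT on,  no static route :", return_path(ROUTES_WITHOUT_STATIC, client, nat_ip=INTERNAL_ASA_OUTSIDE))
    print("NAT off, no static route :", return_path(ROUTES_WITHOUT_STATIC, client))
    print("NAT off, static route    :", return_path(ROUTES_WITH_STATIC, client))
    print("Fix on the external ASA  :", static_route_command("inside", "192.168.0.0/24", INTERNAL_ASA_OUTSIDE))
```

The middle case reproduces the thread's symptom: the reply to 192.168.0.2 only matches the default route, so the external ASA sends it toward the ISP and the inside host sees a SYN timeout. One static route per internal subnet (the `route` line the script prints, with the real interface name and the internal ASA's actual outside address substituted) gives the external ASA a more specific match and the reply comes back through the internal ASA.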