I want to make sure I understand how the nat requirements work on asa v8.0 when inter-interface is set. Background:
nat control is off.
same-security-traffic permit inter-interface is on.
"inside" and "MPLS" interfaces are both at security level 100.
"outside" is, of course, as security level 0.
The relevant config looks like this:
ip address <public IP>
no ip address
ip address 192.168.2.1 255.255.255.0
ip address 192.168.3.1 255.255.255.0
access-list inside_nat0_outbound extended permit ip any Net-192.168.105.0 255.255.255.0
access-list MPLS_nat0_outbound extended permit ip any Net-192.168.0.105 255.255.255.0
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 101 Net-192.168.0.0 255.255.0.0
nat (MPLS) 0 access-list MPLS_nat0_outbound
nat (MPLS) 101 Net-192.168.0.0 255.255.0.0
static (MPLS,outside) <public IP> <MPLS internal IP> netmask 255.255.255.255
static (inside,outside) <public IP> <inside internal IP> netmask 255.255.255.255
Am I correct in thinking that traffic will pass between inside (192.168.2.x) and MPLS (192.168.3.x) in either direction with NO natting, assuming the access-groups assigned to the interfaces permit the traffic?