2) Do you perform NATing at all going through this firewall? If you don't have NAT statement, you can configure "no nat-control" and you don't have to configure any static translation if you don't want to translate traffic between inside and dmz interface. However, if you have 1 NAT statement (eg: nat (inside) 1 0 0) then, you can't use this method.
3) You can also configure NAT exemption:
ie: if DMZ is 172.16.1.0/24
access-list nonat permit ip 192.168.128.0 255.255.248.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list nonat
In this case, you only need to configure more access-list lines (you can group all your internal network into wider subnets wherever possible).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...