Re: no communication between same security interfaces
The static line is required because you have nat/global configured for those 192 and 10 networks.
Once you provide a nat/global, then the flow will require translation for any other flow between any other interfaces, meaning NO NAT-CONTROL will not have any effect and it will be considered NAT-CONTROL. We just provided the identity translation that it needs.
That is all.
If you did not have the nat/global for both these networks, then the no nat-control in the configuration would have kicked in and there would not have been a need to add an identity static to get this to work.