As you know "nat-control" command was not there in 6.x version. But the default
behaviour back then was infact of "nat-control", meaning without a nat rule configured, inside traffic could not go outside.
However, in 7.x, the default is "no nat-control" which means inside traffic can
traverse the firewall towards outside even if there is no nat translation configured.
So basically with "no nat-control" you open up the door for the traffic to go through PIX even if there is no nat rule configured for that particular traffic.
Similarly for traffic from outside to inside with "no nat-control", you do not need any static defined either. The processing of an incoming packet continues (going through ACL and seeing if we should block it or
allow it, etc).
I think you should try the config on some test setup and confirm its working...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...