As another poster mentioned I dont know what your external router is doing but if you are having to enable the Nat-control feature on the ASA then this means that your external router may only be NATing the IP address of your external interface on your ASA. If you do a no nat-control this means that you 10.0.0.0/8 network is being NATed to your external interface with 10.0.0.0/8 or NAT 0 to make things a bit clear, The ASA will allow all your internal IP's to traverse the ASA but gets NATed with the same IP address as the source. If you enable NAT-Control on the ASA then in order for any traffic to flow the ASA will need a NAT statement which you mentioned with using
global (ourside)1 interface
nat (inside) 1 0 0
This will NAT all your inside IP to the public IP of your ASA, if your NAT statement is setup correctly on your external facing Router so that it will nat 10.0.0.0/8 to outside interface or pool of the router then you should be able to use the no Nat-control and things should work , again not knowing your network, these are a couple things to look at.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...