Jut to add something else, the nat-control will make you to do NAT or translation for every packet traversing the firewall from higher to lower. That is why you will need to use either nonat or the global inside, note that if you use the global inside, you will not be able to access internal resources from the DMZ to the inside using their real IP addresses.
If you use nat0 you will be able to access the DMZ plus the DMZ (if there is an access rule applied) will be able to access the inside network.
I can access the servers from outside without problem through the public address, and from the inside I can access throught the private address, but if I try reach the servers from the inside network through the public address of the servers, I do not have access. And I do not have any rule that can blocked the traffic.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...