Yes, I saw that, except it's for 7.x only *and* the latest Pix OS that will run on a 520 w/ 16mb of flash is 6.3(5) (iirc).
Just to reiterate: what I'm looking to do is enforce a "block all except ACL" policy. In the configuration at hand, there is no concept of a "DMZ", "WAN", "Inside", etc.
I *can* apply "nat (vlan#) 0 acl" with a different respective ACL to each interface using access-group, no problem, but I need the equivalent syntax for 6.x (unless there's some magic to getting 7.x on a Pix 520).
The release notes for 7.0(4) say 16mb flash min requirement, but they don't mention the 520 at all (unless that's an attempt to marginalize it).