I know that the static statement is used to access a higher security level interface from a lower security interface. Also, if you want to disable NAT you use the formula static (high,low) high high. I have used the same formula with the static command in accessing my dmz from the inside (going from higher to lower). Although, in PIX software version 6.2 it says you need to use nat and global commands to go from higher to lower. There is also an example of this in the following link - http://www.cisco.com/warp/public/110/mailserver_dmz.html. Anyway, are both ways OK to use? Or is one better/more secure than the other?
Statics are for low to high and nat is used for high to low. You should follow this rule. Even if you disable NAT, you use static as it is still low going to high. Static from high to low isn't required as by default high has access to low (with nat command).
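
The two forms discussed in this thread, side by side, as an added example that is not from either poster or from the linked Cisco document. It uses PIX 6.x syntax; the interface security levels, subnets, pool range, host addresses and the ACL name `dmz_in` are all constructed for illustration.

```cisco
! Constructed addressing:
!   inside = 10.1.1.0/24     (security100, the "high" interface)
!   dmz    = 192.168.50.0/24 (security50,  the "low" interface)

! Form A: high to low with nat/global.
! Inside hosts are translated to a pool on the dmz interface when
! they open connections toward the dmz. The translation exists only
! while an inside host has initiated traffic.
nat (inside) 1 10.1.1.0 255.255.255.0
global (dmz) 1 192.168.50.100-192.168.50.200 netmask 255.255.255.0

! Form B (alternative to A): identity static, i.e. the
! "static (high,low) high high" formula from the question.
! Inside hosts appear on the dmz with their own addresses, and the
! translation is permanent rather than created on demand.
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

! Low to high: a static alone does not admit traffic. Connections
! from the dmz to the inside also need an explicit permit bound to
! the dmz interface. Scoping both the static and the ACL to a single
! host and port keeps the exposure narrow.
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
access-list dmz_in permit tcp host 192.168.50.25 host 10.1.1.10 eq smtp
access-group dmz_in in interface dmz
```

After a change, `show xlate` lists the translations in effect and `show access-list` shows hit counts on the permit entries.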