I have a very basic ASA that is using the default VLAN1 for internal private subnet and VLAN2 for public subnet. I want to add a third subnet VLAN3 that will be private, security level 100 and NATed out the ASA. I also want to be able to communicate freely between VLAN1 and VLAN3. So question is:
Should I use a third physical port configured as access port for VLAN3?
Or, should I make the existing VLAN1 port a trunk port and add VLAN3 to it?
In either case, if I add "same-security-traffic permit inter-interface" or "same-security-traffic permit intra-interface", would this be enough to allow both private nets to talk?
That depends on what you want for your network design,
I simply want the two private nets to talk to each other thru the ASA without NAT or rules and for both of the private nets to be NATed to the public. Don't know of any easier way to state that. I guess I want the ASA to be a router?
The ASA is running 6.3 and I believe the nat-control doesn't come into play until 7.x, no?
What is the ASA version? You just told us 6.3, but that is for ASDM.
Okay, if that is the case you could use Identity NAT and just the same-security command, and that will do it.
It is just NAT X to X.
So it's like translating something to itself.
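An added configuration sketch of the setup discussed in this thread, not posted by any participant. It takes the access-port option from the question and assumes ASA software 8.3 or later (object NAT syntax); the interface names, the port number and both subnets are constructed for illustration.

```cisco
! Constructed example: nameif values, Ethernet0/2 and all addresses are assumptions.
! Third VLAN interface at the same security level as the existing inside VLAN.
interface Vlan3
 nameif inside2
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
! Dedicated physical port as an access port in VLAN 3.
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
!
! inter-interface: traffic between two different interfaces that share a
! security level (inside <-> inside2). intra-interface covers traffic that
! enters and leaves the same interface, which is not the case here.
same-security-traffic permit inter-interface
!
! Both private subnets are translated to the outside interface address.
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network INSIDE2-NET
 subnet 192.168.3.0 255.255.255.0
 nat (inside2,outside) dynamic interface
!
! Identity NAT ("NAT X to X") so traffic between the two private subnets
! keeps its real addresses in both directions.
nat (inside,inside2) source static INSIDE-NET INSIDE-NET destination static INSIDE2-NET INSIDE2-NET
```

After applying it, `show nat` and `packet-tracer` between the two subnets confirm that the identity rule, not the dynamic PAT rule, matches the internal traffic.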