I have a ASA 5520 with nat Control enabled in my job. This firewall is very critical for bussiness process, so I'd like to confirm with you what happen if I disable this control. This command is an update legacy of the IOS version from a Cisco PIX to this ASA.
I read alot about it and for my perspective is not going to happen nothing if a disable this control of the ASA. The only thing is the security fails on the Acl's of the interfaces.
In short, to my understanding, when NAT-CONTROL is enabled you will always need a NAT rule that applies to the traffic going through the firewall. If the traffic doesnt have any NAT rule configured it doesnt go through.
On the other hand if the NAT-CONTROL is DISABLED the traffic doesnt (necesarily) need a NAT rule.
Access-rules are best handled by using ACLs and not relying if NAT configuration exists or not.
Also I have never relied on the interface security-levels to define what traffic is allowed
A small portion from a Cisco document for ASA 8.2 software level regarding "nat-control"
By default, NAT control is disabled; therefore, you do not need to perform NAT on any networks unless you want to do so. If you upgraded from an earlier version of software, however, NAT control might be enabled on your system. Even with NAT control disabled, you need to perform NAT on any addresses for which you configure dynamic NAT