Because static translation always stays active, hosts from less secure networks can initiate communications to the statically translated local hosts, as long as the access list rules on the ASA permit such traffic
Recall that the following pieces of information are required every time you want to configure NAT on Cisco ASA :
- original source IP address (and port) in the packet
- interface where the original packet enters the ASA (ingress interface)
- interface where the packet will exit the ASA (egress interface)
- translated address (and, optionally, port) to insert into the packet