I have a question on VPN map access list and routing in ASA.
I am considering a scenario of an ASA firewall that has a VPN tunnel configured for the outside interface and has static or dynamic routing running.
An access list defines the match for incoming traffic from the inside interface. Matching traffic will be sent on the VPN tunnel. But what if I have a static route/dynamic route (respective of AD) that gives an exit way to the same traffic through some other interface (e.g. DMZ)?
Which will take preference here, the VPN map ACL or the routing table, and why? Will the AD in the routing table affect selection between the VPN and the exit interface? Let's say the static route will be on top of everything and traffic won't flow through the VPN tunnel.
Against what will the traffic be matched first? The VPN map or the routing table? I think it is the access list, then routing.
Actually I am trying to use this for failover between a direct connection through a middle interface and a VPN tunnel.