How does the ASA firewall ACL permiting traffic for two cisco 1811 site to site IPSEC? Site A and B connected through IPSec. Site A has a ASA firewall and this firewall only use to connect to an outsource application. If I need to permit acl_nonat , do I permitting public or private address of site B? Our problem is we use MPLS then everything works fine but after we switched to IPSec site to site then it broke. I am able to access everything on IPSEC site to site but except this outsource application.