Traffic across firewalls passes through the access rules. In PIX devices, single ACL is matched to a traffic, whereas in Cisco ASA 5500, traffic is matched to two ACL's (ingress and egress ACL). I have come across these in the below Cisco NSEL document
Why do we need this? Can anyone explain me or redirect me to some document that throws some lights on these.