I've seen ACLs that state "permit" and I've seen ACLs that state "deny" when attempting to define "interesting" traffic or traffic that should be sent to the AIP-SSM when used in a ASA5510. My question is, If I have a deny statement, does the ASA not send the traffic to the AIP-SSM?
The opposite would almost sound obvious. Also, this ACL is used in conjunction with a match statement. If I were using the same ACL applied to an interface I would definitely be denying traffic into or out of that interface. So, I'm a bit confused with some examples I've seen on this forum where the "deny" statement is used to send traffic to the AIP-SSM. It doesn't look like it would; maybe I need to lab it...