First of all... this is a basic sanity check.
Configuration consists of an ASA 5520 and Cisco IPSec Client; clients connecting from Internet. Since the VPN client tunnel terminate on the outside interface of my ASA, is the traffic associated with the security level assigned to this interface? As a result, if I want VPN Client traffic to flow to a DMZ on another ASA interface (with a higher security level than the outside interface) a NAT exemption will be created on the DMZ interface with the default "NAT Exemption Direction" i.e., outbound traffic to lower security interfaces. Correct? Also, will the access rules be applied on the Outside interface allowing traffic from the VPN client address space to the DMZ hosts on specific protocols?
Thank you in advance for your assistance, it will be appreciated!