What is the process sequence in an ASA with IPsec configuration, for traffic initiated from inside & from outside?
Remote Host -> Router -> Internet -> ASA -> Local Host
The remote router has a crypto ACL; the ASA has a crypto ACL and an interface ACL.
If the local host starts traffic via the ASA, will it first use the inside interface ACL on the ASA or the crypto ACL?
I would appreciate any help with this.
The inside ACL will always be the first ACL to be hit. To confirm, you can use the packet-tracer command; this will tell you exactly which process comes into effect and when.
The following image should give you an idea of the exact sequence of operations:
The crypto ACL will be hit immediately before phase 8 (Egress Interface).
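
An added example, not part of the original thread: a small Python parser for saved packet-tracer output that reports whether the interface ACL phase comes before the VPN encrypt phase and where a packet was dropped. The sample trace, its phase list and the function names are constructed for illustration.

```python
# Constructed, abbreviated trace in the "Phase / Type / Subtype / Result"
# layout that packet-tracer prints; the phases shown here are made up.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW

Phase: 3
Type: VPN
Subtype: encrypt
Result: ALLOW

Result:
input-interface: inside
Action: allow
"""

def parse_phases(text):
    """Return one dict per 'Phase: N' block, in the order the ASA listed them."""
    phases, cur = [], None
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition(":")
        key, value = key.lower(), value.strip()
        if key == "phase" and value.isdigit():
            cur = {"phase": int(value), "type": "", "subtype": "", "result": ""}
            phases.append(cur)
        elif key == "result" and not value:
            cur = None  # bare "Result:" opens the final summary, not a phase
        elif cur is not None and key in ("type", "subtype", "result") and not cur[key]:
            cur[key] = value
    return phases

def acl_and_encrypt(phases):
    """(first ACCESS-LIST phase, VPN encrypt phase, True if the ACL came first)."""
    acl = next((p["phase"] for p in phases if p["type"] == "ACCESS-LIST"), None)
    vpn = next((p["phase"] for p in phases
                if p["type"] == "VPN" and p["subtype"] == "encrypt"), None)
    return acl, vpn, acl is not None and vpn is not None and acl < vpn

def first_drop(phases):
    """Phase number where the packet was dropped, or None if it was allowed."""
    return next((p["phase"] for p in phases if p["result"].upper() == "DROP"), None)
```

If the interface ACL denies the packet, the trace ends at that ACCESS-LIST phase and no VPN encrypt phase appears, which `first_drop` and the `None` in `acl_and_encrypt` make visible.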