I hve a cisco asa running 8.3(1) version.
I have a succesffull L2L tunnel between two sites. but, im confused about the nat exemption used here. An acl is defined stating the interesting traffic of two sites using the tunnel should be nat exempted and is configured as below in rectangular boxes.
The ACL created doesnt have a statement to be nat exempted nor it is applied to any interface.
nat (inside) 0 access-list inside_nat0_outbound
## Configure NAT Exempt ACL
access-list inside_nat0_outbound extended permit ip object-group ET_LOCAL object-group ET_REMOTE
object-group network ET_LOCAL
network-object host 10.x.x.x
object-group network ETS_REMOTE
network-object host 64.x.x.x
These is a relic of pre 8.3 because as I said this is old syntax so I assume you migrated your config to 8.3 and this is leftover, if this is the case then you can safely delete it.Maybe as a safeguard making the ACLs inactive and verify tunnels are ok then you can delete them.
Don't forget to rate helpful posts.