if inside acl is called in first, then a strange problem in this remote setup is the packet gets dropped due to implicit deny on inside interface list . this comes up during tracer. inspite of the acl having a defined line for the traffic that is required.
below is the list on local interface. Line 2 is meant for traffic which is from host 172.16.100.50 to 10.52.151.81 on a tcp port.
asp capture shows this drop also.
access-list local-access line 1 extended permit ip 192.168.100.0 255.255.255.240 any (hitcnt=0)
access-list local-access line 2 extended permit ip host 172.16.100.50 10.52.0.0 255.255.255.224 (hitcnt=0)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...