1. No, it will not get dropped. The ACL only specifies which host/network needs to be sent towards the CSC module. If it's not specified in the ACL, it won't be sent towards the module, and just go out directly towards the Internet if it's outbound traffic.
2. Depends on what you would like to scan. If you only want to scan outbound traffic from inside to outside, then you would only need tto configure the access-list in the outbound direction, ie:
access-list inside-csc permit 192.168.1.0 255.255.255.0 any http
If you are hosting any web server and would like incoming traffic to be scanned as well, then you would configure it in the incoming direction towards the web server.
Typically people scan outgoing traffic, and configure policy so users can only access certain websites/categories, and disallowing some other categories (gambling, porn, etc).
#1 If you are sending traffic to the CSC module, including the open ssl vpn traffic, then it might have been blocked by the CSC module, not by the ASA. If you would like the open ssl vpn traffic to bypass the CSC module, then traffic that you send towards the CSC module needs to bypass or deny the open ssl traffic.
#2 If you are trying to reduce load, you can just scan traffic from inside to outside. It scans stateful connection, not stateless, so you don't have to worry about return traffic as if it's part of the same connection, it will be scanned.
Access-list on the outside interface only applies to traffic initiated from the outside.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...