When the sensor's ACL is written to the router and applied to the interface/direction, then it will remove the application of any previous ACL to that same interface/direction.
Only one ACL may be applied to a specific interface/direction.
The previous ACL will still exist in the router's configuration. It will just no longer be applied to that router interface/direction.
A good rule of thumb if you already have an existing ACL applied is to configure the sensor with the Name of that ACL as the Post-Block ACL.
When the sensor connects to the router it will read in the configuration lines from your existing ACL and store them in the sensor's memory. When the sensor creates its own ACL it will add the lines from your ACL to the bottom of the ACL it creates.
You can use either numbered or named access-lists as the Pre or Post-Block ACL.
(The sensor will generate a named access-list when it creates its access list on the router).
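
The following check is an added example, not part of the original answer. It parses a router running-config, lists ACLs that are defined but no longer applied to any interface/direction, and reports whether their entries appear at the bottom of an applied ACL, as they would when carried over as the Post-Block ACL. The ACL names, addresses and the sensor ACL name are constructed placeholders.

```python
import re

# Constructed running-config excerpt; the names and addresses are placeholders,
# not output captured from a real sensor or router.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group SENSOR_ACL_PLACEHOLDER in
!
interface GigabitEthernet0/1
 ip access-group 110 out
!
ip access-list extended EDGE_IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
!
ip access-list extended SENSOR_ACL_PLACEHOLDER
 deny ip host 203.0.113.50 any
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
!
access-list 110 permit ip any any
"""

def parse(config):
    """Return (acls, applied): ACL name -> entries, (interface, direction) -> ACL name."""
    acls, applied, iface, acl = {}, {}, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface, acl = m.group(1), None
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            iface, acl = None, acls.setdefault(m.group(1), [])
        elif m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
            iface = acl = None
        elif not line.startswith(" "):
            iface = acl = None  # any other top-level line ends the current block
        elif iface and (m := re.match(r" +ip access-group (\S+) (in|out)", line)):
            applied[(iface, m.group(2))] = m.group(1)
        elif acl is not None:
            acl.append(line.strip())
    return acls, applied

def unapplied_acls(config):
    """Map each defined-but-unapplied ACL to the applied ACLs that end with its entries."""
    acls, applied = parse(config)
    in_use = set(applied.values())
    return {name: sorted(a for a in in_use
                         if entries and acls.get(a, [])[-len(entries):] == entries)
            for name, entries in acls.items() if name not in in_use}
```

An unapplied ACL that maps to an empty list is still in the configuration but is not being enforced by any applied ACL on the router.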