No matter what, if the access list is applied to the interface, it will be the first thing the PIX will look into.
The access list is matched first and then the translation rule. So when the packet comes into the PIX interface and we have an access list applied to that interface, the PIX will first check if the traffic is permitted or denied. If it's denied then it will drop it, and if permitted then it will check for the translation rule.
Important: the access list is not checked for the return traffic; the PIX looks into other things like translation, connection entry, sequence numbers, etc. for the return traffic.
Check if the access list is applied properly on the interface.
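A simplified model of the lookup order described in the answer above, as an added example that is not part of the original post and is not PIX code. The class and helper names, addresses and rules are constructed for illustration, and sequence-number checks are left out.

```python
# Simplified model of the lookup order described above; not PIX source code.
# All names, addresses and rules here are constructed for illustration.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

class PixModel:
    def __init__(self, acl, xlate):
        self.acl = acl        # ordered (action, dst, dport) entries; implicit deny at the end
        self.xlate = xlate    # static translations: global address -> real address
        self.conns = set()    # connection entries created by permitted traffic

    def _acl_permits(self, pkt):
        for action, dst, dport in self.acl:
            if dst in ("any", pkt.dst) and dport in ("any", pkt.dport):
                return action == "permit"   # first match wins
        return False                        # implicit deny

    def inbound(self, pkt):
        """New packet arriving on the interface the access list is applied to."""
        if not self._acl_permits(pkt):      # step 1: access list
            return "drop: denied by access list"
        real = self.xlate.get(pkt.dst)      # step 2: translation rule
        if real is None:
            return "drop: no translation rule"
        self.conns.add((pkt.src, pkt.sport, real, pkt.dport))
        return f"forward to {real}:{pkt.dport}"

    def returning(self, pkt):
        """Reply from the inside host: matched on the connection entry, no ACL lookup."""
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) not in self.conns:
            return "drop: no connection entry"
        glob = next(g for g, r in self.xlate.items() if r == pkt.src)
        return f"forward as {glob}:{pkt.sport}"

def demo():
    fw = PixModel(acl=[("permit", "192.0.2.10", 80)],
                  xlate={"192.0.2.10": "10.1.1.10"})
    return [
        fw.inbound(Packet("198.51.100.7", 40000, "192.0.2.10", 80)),    # permitted, translated
        fw.inbound(Packet("198.51.100.7", 40001, "192.0.2.10", 22)),    # dropped at the ACL
        fw.returning(Packet("10.1.1.10", 80, "198.51.100.7", 40000)),   # reply to a known flow
        fw.returning(Packet("10.1.1.10", 80, "198.51.100.7", 40001)),   # no matching flow
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```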