On the ASA is an ACL necessary in order for remote access or L2L tunnels to land on the outside interface?
Hello Phen
In order to allow access from outside to inside on an ASA, you must have an access list that allows this communication. The access list acts as an exception to the security levels configured, where communication from the outside interface to the inside interface is not allowed.
However, when creating a VPN such as that described in the ASA Site to Site IKEv1 IPSec VPN lesson below, you don’t need to specify such an access list.
As you can see from the lesson, the configuration of the crypto map specifies the interface that is to be used. That is enough to enable communication using the VPN tunnel without the need to specifically define an access list on the outside interface.
I hope this has been helpful!
Laz