The client has an outside ASA in transparent mode which has the "sysopt connection permit-vpn" enabled, there are also ACL rules to only allow certain outside Internet located routers to create VPNs to the internal ASA.
How is it best to log connections from the external routers on the transparent ASA? At the moment it is set to log at level 4 but the probable questions are:
1) Is "sysopt connection permit-vpn" relevant on an ASA in transparent mode that isn't terminating the VPNs?
2) If a transparent mode ASA has ACL rules for the usual VPN protocols included in the outside interface ACLs will they ever get matched.
3) Can we do away with the ACL entries or is the sysopt command redundant on a transparent ASA?