You don't need to permit anything else besides the interesting traffic that is to be encrypted unless:
- The ASA terminating the tunnel is sitting behind another ASA/FW/Router. If that is the case, then you will need to create some "permit" entries on that device.
- You have an ACL attached on the "outside" that is only allowing the "outside" IP to communicate with a specific list of other public IPs.
I hope this helps!
Thank you for rating helpful posts!