Applying Acl on IPSEC TUNNEL

SajeshB
Level 1
Level 1

We are running multiple IPsec tunnels on ASA firewall-1. The design is simple: we have multiple inside interfaces and a single outside interface (the VPN tunnel is built on the outside interface), so whenever we need to allow some traffic we apply an ACL on the inside interface. So we have never applied an ACL on the outside interface.

So one of my teammates has built an IPsec tunnel on ASA firewall-2, and he has applied an ACL on the inside as well as the outside interface as a bidirectional ACL for the traffic. When I checked I was able to see some hits on the outside rule which he created, so I just need help: can I disable the rule on the outside interface? As per my understanding no ACL is needed on the interface on which the IPsec tunnel is created.

5 Replies

Hello,

what do you want to do, disable the access list applied to the outbound interface? Check the config for a line like the one below:

access-group ACL_OUT in interface outside

Just delete that line:

no access-group ACL_OUT in interface outside

We do not know much about this situation. We are told about an ASA with a vpn tunnel. I assume that this is a site to site vpn, but I keep learning the lesson about advice based on assumption. So can the original poster tell us a bit more about this vpn?

We are told that there is an acl on the inside interface and another acl on the outside interface. But we do not know what these acls do. We are asked if the acl on the outside interface can be removed. I am reluctant to answer that without knowing what that acl does. It is tempting to assume that the acl on the outside interface is specific to the vpn traffic. But when I think about it that assumption cannot be true. An acl applied to the outside interface will evaluate all traffic on that interface, both vpn traffic and non-vpn traffic. So what does this acl do with non-vpn traffic? What would be the effect if the acl is removed? We need better information if we are to give good advice about this.

HTH

Rick

Hi Richard,

Before getting into the ACL part I just want to tell you the basic topology: there are some internal servers at our end and the remote customer end wants to access them. From my teammate I got to know that our internal server listens on bidirectional port 5093. As it is a private server we have created a VPN.

We have successfully created the VPN tunnel, and our internal server resides on the inside interface of the ASA. So on the inside interface we have applied an ACL with the source as our server and the destination as the client/customer system. The same ACL has been applied on the outside interface (VPN interface), but the difference is that the source is the client/customer system and the destination is our server. As I mentioned, the server listens on a bidirectional port; is the outside interface ACL really needed for the VPN traffic? There is no non-VPN traffic in this scenario.

Please let me know if a topology diagram is required.

Hello,

your original question was about removing the ACL on the outside interface, right? I guess a topology diagram would be useful, as it is not really clear what you are trying to allow/block...

I appreciate the attempt to provide additional information. But there are still many things that are not clear.

- your description of the vpn sounds like it is a site to site vpn. But it might also be a Remote Access vpn. Can you clarify which type of vpn this is?

- for site to site vpn there is an acl that identifies the IP traffic that is to be encrypted. I assume that your configuration has such an acl. For site to site vpn it is an option but not a requirement to have an acl on the inside and/or outside interface. I am not clear why you have chosen to use acls on the inside and outside interfaces. Can you explain why this is implemented?

- part of your question is "can i disable the rule on outside interface". If we look at this specifically in terms of vpn then the answer is yes, you could disable this rule and not impact the vpn. But if we look at it from a broader perspective, the acl probably deals with other types of traffic and not just vpn. If you disable the acl what would be the impact on those other types of traffic?

HTH

Rick
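As an added illustration (not configuration from this thread, from the poster, or from Cisco documentation), the ASA fragment below separates the two kinds of ACL that Rick's replies distinguish: the crypto ACL that only selects traffic for encryption, and the interface ACLs bound with the access-group command shown in the first reply. Every name, address and the port-5093 server are constructed placeholders; the IKE policy and tunnel-group configuration are omitted. The behaviour noted in the comments for sysopt connection permit-vpn is the ASA default and is the reason an outside-interface ACL does not normally decide what a site-to-site tunnel can carry.

```cisco
! Constructed example: names and addresses are placeholders, not the poster's config.
! Local server 10.1.1.10 listens on TCP 5093; customer LAN is 192.168.50.0/24.

! 1. Crypto ACL: selects which traffic is ENCRYPTED into the tunnel. It is referenced
!    by the crypto map only; it is never bound with access-group, so it filters nothing.
access-list VPN_INTERESTING extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_INTERESTING
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
crypto ikev1 enable outside

! 2. Interface ACL on inside: filters packets arriving from the internal LAN,
!    whether or not they will later be encrypted.
access-list INSIDE_IN extended permit tcp host 10.1.1.10 192.168.50.0 255.255.255.0 eq 5093
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside

! 3. Interface ACL on outside: evaluated for EVERY packet arriving on outside,
!    not just tunnel traffic (Rick's point). With the ASA default
!    "sysopt connection permit-vpn" in effect, packets decrypted from the tunnel
!    bypass this ACL, so hit counts here reflect traffic the ACL actually sees:
!    non-VPN flows, or decrypted traffic only if that sysopt has been disabled.
access-list OUTSIDE_IN extended permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.10 eq 5093
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! 4. Only if you deliberately want interface ACLs enforced on decrypted VPN traffic too:
! no sysopt connection permit-vpn
```

Before removing the outside access-group, check "show run sysopt" and "show access-list OUTSIDE_IN" on the box: if permit-vpn is still enabled, the hits the poster saw were counted against traffic other than the decrypted tunnel flows, which is exactly the question Rick asks about what else that ACL is handling.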