ASA Crypto ACLs
I am just curious if anyone knows the behavior of crypto ACLs (for crypto maps matching traffic for a LAN-to-LAN tunnel) pertaining to more specific entries. For example, I have two maps pointing to two different peers. One map matches traffic 10.0.0.0/8 -> 192.168.0.0/16 and the other map matches traffic 10.1.1.0/24 -> 192.168.1.0/24. If a packet comes in with a source of 10.1.1.100 and a destination of 192.168.1.100, will the ASA send the packet over the tunnel that matches the more specific crypto ACL? Or simply the one that matches first? Based on traditional routing I would expect the more specific entry to get matched, but I have no way of testing this right now. Additionally, if a packet came in with a source of 10.100.100.1 and a destination of 192.168.100.50, I would expect it to go over the tunnel with the more generic summary.