My fictitious example. I have an ASA with an Inside and outside interface.
Crypto Isakmp is enabled on the outside interface. The ASA has an IPSEC vpn established allowing the remote side to hit computers on the inside interface.
There is an ACL applied to the outside interface.
My question: When the remote side comes in through the IPSEC VPN would it be subjected to being filtered first by the ACL applied to the outside interface or does it skip that?