I'm creating an ipsec tunnel between 2 asas. I realize that the crypto map specifies the traffic that is being encrypted between the 2 local subnets? but I do have to create a separate access list don't I? This is going to be an ipsec between my company and a recently acquired company. so the subnet we have acquired will only have access to specified ports on certain ips on our network. The crypto map wouldn't have anything to do with that would it? i would need an additional acl to specify this traffic?