A technical scenario about possible network congestion to be solved. Other questions were regarding DNS, network layer, IDS, IPS, access list, stateful firewall, stateless firewall, tech support, problem solving ability, routing, IGMP, VPN etc.
I was unable to answer to the point, but I made up some other scenario which could explain the solution. The interviewer was pleased but needed me to work more on my skills. For the other questions I was able to define most of them but not give detail-oriented answers.
The packet would reach the ingress interface of Firewall A, it would then match an ACL defined for a crypto map. The ASA would then establish a tunnel to Firewall B using the encr/hash/timeout defined for P1 and the PSK defined in the Tunnel Group. Once the tunnel has been established, the packets themselves would either be translated or not (nonat), depending on the nat configuration and then be encrypted using the encr/hash/timeout defined for P2 within the crypto map. Once encrypted, the packets are routed out the egress interface towards Firewall B. The sequence of events is reversed on the other side.
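The packet flow in the answer above maps onto a small set of ASA configuration objects: the crypto ACL that selects "interesting" traffic, the IKEv1 policy (Phase 1 encryption/hash/lifetime), the tunnel-group that holds the pre-shared key, the NAT exemption, and the crypto map that ties the Phase 2 transform set and lifetime to the egress interface. The fragment below is an added illustration for Firewall A, not part of the original post; every name, address and key in it is an assumed placeholder (LAN-A 10.1.0.0/16 behind Firewall A, LAN-B 10.2.0.0/16 behind Firewall B, peer 203.0.113.2, ASA 8.4+ IKEv1 syntax), and the mirror-image configuration would be applied on Firewall B.

```cisco
! Added example (hypothetical addresses and names), not from the original post.
! ASA 8.4+ syntax, IKEv1 site-to-site. Mirror the config on Firewall B.

object network LAN-A
 subnet 10.1.0.0 255.255.0.0
object network LAN-B
 subnet 10.2.0.0 255.255.0.0

! 1. Crypto ACL: traffic that matches this is sent through the tunnel.
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0

! 2. Phase 1 (IKEv1) policy: encryption / hash / DH group / lifetime.
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside

! 3. Pre-shared key lives in the tunnel-group keyed by the peer address.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key REPLACE-WITH-A-LONG-RANDOM-PSK

! 4. NAT exemption ("nonat"): keep LAN-A addresses unchanged toward LAN-B.
nat (inside,outside) source static LAN-A LAN-A destination static LAN-B LAN-B no-proxy-arp route-lookup

! 5. Phase 2 transform set and crypto map on the egress interface.
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-B
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 10 set security-association lifetime seconds 3600
crypto map OUTSIDE-MAP interface outside
```

Two practitioner checks worth knowing for this flow: `show crypto ikev1 sa` confirms Phase 1 came up (a mismatch in encryption/hash/group/PSK fails here), and `show crypto ipsec sa` shows the Phase 2 SAs and their encap/decap counters; packets that hit the ACL but never show as encapsulated usually point to the NAT exemption being missing or ordered after another NAT rule.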
SSL is identity verification, not hard data encryption. It is designed to be able to prove that the person you are talking to on the other end is who they say they are. SSL and its big brother TLS are both used by almost everyone online, but the problem is that because of this it is a huge target and is mainly attacked via its implementation (the Heartbleed bug, for example) and its known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data in transit and data at rest are very good ideas.