https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065985#M396775 <HTML><HEAD></HEAD><BODY><P>Yes, that is correct.</P><P>Access-list on ASA only matches on the first connection, and the subsequent packets within the same connection will be allowed by default as it is part of the same connections. ASA is a stateful firewall so it has a state table to store the existing connections.</P><P></P><P>Hope that helps.</P></BODY></HTML> Fri, 26 Oct 2012 02:01:09 GMT Jennifer Halim 2012-10-26T02:01:09Z https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065984#M396773 <P>Hi everyone,</P><P></P><P>Need to confirm how hit count is incremented in ASA.</P><P></P><P>I am pinging IP from PC connected to ASA&nbsp; .</P><P>PC has send 4 packets</P><P></P><P>Here is ASA info</P><P></P><P>ciscoasa#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sh access-li$</P><P>access-list cached ACL log flows: total 1, denied 0 (deny-flow-max 4096)</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; alert-interval 300</P><P>access-list ICMP; 1 elements; name hash: 0x2d2cf426</P><P>access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=3) 0x0b307247</P><P>ciscoasa#&nbsp; ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=33 len=32</P><P>ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335</P><P>ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=33 len=32</P><P>ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1</P><P>ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=34 len=32</P><P>ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335</P><P>ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=34 len=32</P><P>ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1</P><P>ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=35 len=32</P><P>ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335</P><P>ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=35 len=32</P><P>ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1</P><P>ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=36 len=32</P><P>ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335</P><P>ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=36 len=32</P><P>ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1</P><P></P><P>ciscoasa#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sh access-li$</P><P>access-list cached ACL log flows: total 1, denied 0 (deny-flow-max 4096)</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; alert-interval 300</P><P>access-list ICMP; 1 elements; name hash: 0x2d2cf426</P><P>access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=4) 0x0b307247</P><P></P><P></P><P>We can see that after the ping hit count has gone from 3 to 4.</P><P></P><P>So does&nbsp; this mean that for every 4 packets sent by PC&nbsp; Hit count increments with 1?</P><P></P><P></P><P>Thanks</P><P></P><P>Mahesh</P> Tue, 12 Mar 2019 00:14:15 GMT https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065984#M396773 mahesh18 2019-03-12T00:14:15Z https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065985#M396775 <HTML><HEAD></HEAD><BODY><P>Yes, that is correct.</P><P>Access-list on ASA only matches on the first connection, and the subsequent packets within the same connection will be allowed by default as it is part of the same connections. ASA is a stateful firewall so it has a state table to store the existing connections.</P><P></P><P>Hope that helps.</P></BODY></HTML> Fri, 26 Oct 2012 02:01:09 GMT https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065985#M396775 Jennifer Halim 2012-10-26T02:01:09Z https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065986#M396778 <HTML><HEAD></HEAD><BODY><P>Hi Jennifer,</P><P></P><P>Thanks again for prompt&nbsp; reply</P><P></P><P>Regards</P><P>MAhesh</P></BODY></HTML> Fri, 26 Oct 2012 02:16:25 GMT https://community.cisco.com/t5/network-security/hit-count-in-asa/m-p/2065986#M396778 mahesh18 2012-10-26T02:16:25Z