hi guys,

we are facing issue with our ASA 5515x which was working fine but after enabling Unicast Reverse Path Forwarding and removing some weak encryption/hashing Transform-set, now all traffic is being blocked by Implicit Deny rule from all interfaces.

i've disabled the URPF and configured back the other protocols a but still no traffic is coming/outgoing and Anyconnect also stopped working.

there is no hit on permit ip any any rule and all traffic is being deny by Implicit Deny rule.

sh run access-list Inside_access_in
access-list Inside_access_in extended permit ip any any

show access-list Inside_access_in
access-list Inside_access_in; 1 elements; name hash: 0xa231c4d3
access-list Inside_access_in line 1 extended permit ip any any (hitcnt=0) 0xe42c5ef9

show run access-list Dmz_access_in
access-list Dmz_access_in extended permit ip any any

show access-list Dmz_access_in
access-list Dmz_access_in; 1 elements; name hash: 0xb5611b21
access-list Dmz_access_in line 1 extended permit ip any any (hitcnt=0) 0x623158d6

Packet tracer from Inside to DMZ

packet-tracer input inside tcp 10.12.14.233 2000 192.168.4.5$

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.4.5 using egress ifc Dmz

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaacaa74570, priority=501, domain=permit, deny=true
hits=39497, user_data=0x9, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Inside, output_ifc=any

Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Dmz
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Packet tracer from Inside to Outside

packet-tracer input inside tcp 10.12.14.233 2000 8.8.8.8 80 $

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 151.253.72.140 using egress ifc Outside

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaacaa74570, priority=501, domain=permit, deny=true
hits=39901, user_data=0x9, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Inside, output_ifc=any

Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule