if you have ASDM, check on the real time logs shows you what is the reason it was dropped ?
yes I have configured ASDM access.
I can see logs like the one below, when I try to open pages that are being blocked by ASA:
4 Jul 07 2019 15:36:27 188.8.131.52 12113 192.168.2.131 18231 Deny udp src outside_Abissnet:184.108.40.206/12113 dst LAN_PCstore:192.168.2.131/18231 by access-group "outside_Abissnet_access_in" [0x0, 0x0]
I dont understand why! When I first connected today I was able to open every page. Suddenly now the access for some pages is disappeared! As I understand, ASA is state-full FW, it must allow the reply back of the requests that are initiated from inside.
ciscoasa# show run access-list
access-list outside_Abcom_access_in extended permit tcp any object VOIP-192.168.3.33 eq sip
access-list outside_Abcom_access_in extended permit object-group DM_INLINE_SERVICE_1 any object test-192.168.2.131
access-list outside_Abissnet_access_in extended permit tcp any object VOIP-192.168.3.33 eq sip
access-list outside_Abissnet_access_in extended permit object test-7070 any object test-192.168.2.131
ciscoasa# show run access-group
access-group outside_Abissnet_access_in in interface outside_Abissnet
access-group outside_Abcom_access_in in interface outside_Abcom
I have attached some other Deny logs also
sorry my late reply. I have been on holiday.
ASA was denying some pages because of an access rule (open port 7070) that I created for testing purposes. With this access rule I just open the port 7070 (realserver) on ASA for my laptop. And I don't know Why access-group outside_Abissnet_access_in in interface outside_Abissnet resulted in denying some pages.