Logs are flooded with multiple Deny TCP entries on interface inside. From internal user IPs to unknown outside public IPs:
Deny TCP (no connection) from 172.26.x.x/63422 to 184.108.40.206/443 flags RST ACK on interface inside
Deny TCP (no connection) from 172.26.x.x/62898 to 220.127.116.11/80 flags RST ACK on interface inside
Deny TCP (no connection) from 172.26.x.x/62315 to 18.104.22.168/80 flags RST ACK on interface inside
Looking to see if these are normal or something to look into? Let me know if there's anything else I can post
I think these are not normal if they are showing up in large volume.
The logs says that the TCP packet was dropped with the (RST ACK) flag.
Now , the thing is we have to find out why the RST are coming in for these internal Hosts.
It can be different reasons for that(Asymmetric routing , External proxy etc) so you would have to check the captures for the complete stream thru the ASA device and see what you are able to see for the connection.
Thanks and Regards,
This may help in trying to figure out why these are being denied
22.214.171.124 is Google
126.96.36.199 is Cloud Flare Net
188.8.131.52 is Limelight Networks