Hi,
Regarding the log you attached.
To me the log basically tells that a host on your inside network formed a TCP connection to the Internet which it then resetted immediatly. (For whatever reason)
The log messages following that are probably the host on the Internet trying sending acknowledgement messages for some sent data (ACK) and also closing the TCP Connection (FIN ACK)
And the reason the Deny messages look abit different is because the ASA has already torn down those connections and therefore states that there are no active connections on the ASA that corresponds to the arriving packets so it drops them.
In other words, the remote Internet host is still sending packets related to the connection that the inside host already closed and which the ASA already tore down.
Would it be possible to see the actual configurations on the firewall?
- Jouni