12-23-2020 10:47 PM
We are currently using an ASA.
outside policy
src ip 192.168.1.0/24
dst ip 192.168.100.10
inside policy
src ip 192.168.100.10
dst ip 192.168.1.0/24
I set it up.
With one connection, both the outside and inside hitcounts are rising.
Is this correct?
ex) 192.168.1.10 ssh connect 192.168.100.10
syslog view
outside
192.168.1.10->192.168.100.10 dst port 22
inside
192.168.100.10/src port 22->192.168.1.10
12-24-2020 01:33 AM
12-24-2020 07:27 AM
If so, is there a problem with the hit count rising on both the inside and the outside?
As a result of checking the Cisco document, it was confirmed that the ACL does not affect sessions that are already connected.
However, as a result of the verification, it is strange that the log that should be shown only outside is also confirmed inside...
syslog view
outside
192.168.1.10->192.168.100.10 dst port 22
inside
192.168.100.10/src port 22->192.168.1.10
These two are the same session.
But the hitcount goes up inside as well..
Of course, the log is also shown.