I have two Cisco 5585 in a cluster. My understanding of the "show cluster access-list" command is that it shows the hit count as (x+y, x, y), with the first value as the aggregated hit count of the other cluster members. So if I have to cluster members, with the first member having a hit count of 10, and the second 20, the hit count would show as (hitcnt=30, 10, 20).
However, while I'm seeing some access-lists showing the correct aggregation, I'm seeing others like this:
ASA# sh cluster access-list inside
hitcnt display order: cluster-wide aggregated result, 1, 2
access-list inside_access_in line 1 extended permit tcp host 192.168.1.10 host 192.168.1.10 eq 8080 (hitcnt=0, 107554, 0) 0xbd2e4e27
What does this mean?