Hi there,
I am working on a ASA5520 running asa724-33-k8.bin and have been seeing some strange beheviour in relation to ACE additions.
On particular access-lists there is an implicit deny; so any new entries are added before this line.
However, once the line is in place, both packet tracer and a test of connectivity results in a drop - packet-tracer indicates the implicit deny in the middle of the ACL is the cause of this. This is usually resolved by removing any IP to name mappings and using the IP instead in the ACL; however this sometimes resolves the issues and sometimes not.
I was at first thinking that a large access list may exhibit this behaviour however the same thing has occured with an ACL that is only around 40 lines max.
There is a case open with our support provider but was wondering if anyone in the community has come across something similar?
Thanks in advance.