Hi,
I have a peculiar issue where my ACL hit count is not getting increased. I am not able to ping public IPs.
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-group inside_access_in in interface inside
icmp permit any inside
icmp permit any outside
I'm able to ping my inside interface but not able to ping the internet. From the ASA I'm able to ping the internet.
My packet tracer output is below.
packet-tracer input inside icmp 10.20.90.1 7 7 8.8.8.8 detailed
ASA# packet-tracer input inside icmp 10.20.90.1 7 7 8.8.8.8 $
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 Outside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x6e1ef600, priority=500, domain=permit, deny=true
hits=171641, user_data=0x8, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ASA#
My NAT is as below:
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_any
nat (inside,outside) dynamic interface
Any suggestions are really appreciated.
Karthik S
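
A small parser for the packet-tracer output format shown in the post above, as an added example that is not part of the original post: it reports which phase dropped the packet, whether the matching rule was the implicit one, and the final drop reason. The function names are hypothetical, and the sample is a trimmed, constructed copy of the posted output.

```python
import re

# Constructed sample: trimmed copy of the packet-tracer output in the post above.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW
Phase: 2
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
in id=0x6e1ef600, priority=500, domain=permit, deny=true
hits=171641, user_data=0x8, cs_id=0x0, reverse, flags=0x0, protocol=0
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Return (phases, summary) parsed from packet-tracer output."""
    phases, summary, cur, in_summary = [], {}, None, False
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Phase:\s*(\d+)$", line):
            cur = {"phase": int(m.group(1)), "body": []}
            phases.append(cur)
        elif line == "Result:":  # a bare "Result:" opens the final summary
            in_summary = True
        elif in_summary:
            key, sep, val = line.partition(":")
            if sep:
                summary[key.lower()] = val.strip()
        elif cur is not None:
            if m := re.match(r"(Type|Subtype|Result):\s*(.*)$", line):
                cur[m.group(1).lower()] = m.group(2)
            else:
                cur["body"].append(line)  # Config / Additional Information text
    return phases, summary

def first_drop(phases):
    """Describe the first phase that dropped the packet, or None."""
    for p in phases:
        if p.get("result") == "DROP":
            body = " ".join(p["body"])
            hits = re.search(r"hits=(\d+)", body)
            return {"phase": p["phase"], "type": p.get("type"),
                    "implicit": "Implicit Rule" in p["body"],
                    "hits": int(hits.group(1)) if hits else None}
    return None
```

On the posted output this points at phase 2 (ACCESS-LIST) matching the implicit rule, which is the rule whose hit counter the trace shows, rather than an entry of `inside_access_in`.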