01-25-2021 09:16 AM
Hello Experts @balaji.bandi @Rob Ingram @Marvin Rhoads @Giuseppe Larosa @Marius Gunnerud
I want to block the IP 10.170.150.188 on the Outside interface (Internet access).
TMGHQ5516(config)# packet-tracer input inside tcp 10.170.150.188 443 8.8.8$
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f16587e56f0, priority=13, domain=capture, deny=false
hits=14546899901, user_data=0x7f1658c3d9e0, cs_id=0x0, l3_type=0x0
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
input_ifc=inside, output_ifc=any
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f167cfafb00, priority=1, domain=permit, deny=false
hits=32706810754, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=inside, output_ifc=any
Phase: 3
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 72.138.52.93 using egress ifc outside
Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f166130d210, priority=13, domain=permit, deny=false
hits=13886, user_data=0x7f167021d580, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
object network obj_any
nat (any,outside) dynamic interface
Additional Information:
Dynamic translate 10.170.150.188/443 to 72.138.52.94/447
Forward Flow based lookup yields rule:
in id=0x7f167d19cef0, priority=6, domain=nat, deny=false
hits=347183725, user_data=0x7f167d19b790, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=outside
Phase: 6
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f167bbfe230, priority=0, domain=nat-per-session, deny=false
hits=535995168, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 7
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f167cfb7e60, priority=0, domain=inspect-ip-options, deny=true
hits=402098788, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 8
Type: FOVER
Subtype: standby-update
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f167d04d950, priority=20, domain=lu, deny=false
hits=126412143, user_data=0x0, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 9
Type: FLOW-EXPORT
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f16603fb6e0, priority=18, domain=flow-export, deny=false
hits=60170405, user_data=0x7f1660406e00, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 10
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0x7f16582627d0, priority=0, domain=user-statistics, deny=false
hits=311842728, user_data=0x7f1658222190, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=outside
Phase: 11
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x7f167bbfe230, priority=0, domain=nat-per-session, deny=false
hits=535995170, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 12
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x7f167cf325b0, priority=0, domain=inspect-ip-options, deny=true
hits=382998220, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 13
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0x7f1658263760, priority=0, domain=user-statistics, deny=false
hits=309534523, user_data=0x7f1658222190, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=inside
Phase: 14
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 540390589, packet dispatched to next module
Module information for forward flow ...
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_fp_tracer_drop
snp_ifc_stat
Module information for reverse flow ...
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_fp_tracer_drop
snp_ifc_stat
Phase: 15
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 72.138.52.93 using egress ifc outside
Phase: 16
Type: ADJACENCY-LOOKUP
Subtype: next-hop and adjacency
Result: ALLOW
Config:
Additional Information:
adjacency Active
next-hop mac address e481.846f.d577 hits 13798391 reference 3394
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
access-list inside_access_in line 1 extended permit ip any 10.130.160.0 255.255.254.0 (hitcnt=364) 0x7538f31f
access-list inside_access_in line 2 extended permit ip 10.130.160.0 255.255.254.0 any (hitcnt=0) 0x3546d3ab
access-list inside_access_in line 3 extended permit object-group DM_INLINE_SERVICE_1 any any (hitcnt=144) 0x08e5d918
access-list inside_access_in line 3 extended permit icmp any any (hitcnt=144) 0xd6183fb5
access-list inside_access_in line 3 extended permit icmp any any echo (hitcnt=0) 0x925f140d
access-list inside_access_in line 3 extended permit icmp any any echo-reply (hitcnt=0) 0xb2f4960f
access-list inside_access_in line 4 extended permit ip any object TMGHQ_192.168.6_24NET (hitcnt=2566) 0x44e98379
access-list inside_access_in line 4 extended permit ip any 192.168.6.0 255.255.255.0 (hitcnt=2566) 0x44e98379
access-list inside_access_in line 5 extended deny ip host 10.170.150.188 interface outside (hitcnt=0) 0x94b8af68
access-list inside_access_in line 6 extended permit ip 10.170.150.0 255.255.254.0 192.168.125.0 255.255.255.0 (hitcnt=4) 0x1213fb13
access-list inside_access_in line 7 extended permit ip any any (hitcnt=24917) 0xa925365e
It's still hitting line 7 but not line 5 of the ACL. Can you guide me on what to do?
Thanks
01-25-2021 09:24 AM - edited 01-25-2021 09:28 AM
@LovejitSingh1313 That's because the destination should be "any", not the outside interface as you've defined it. Remove line 5 and re-add it with the destination as "any", and ensure this rule is above the permit ip any any rule.
01-25-2021 09:35 AM
Hello @Rob Ingram @balaji.bandi
I did the change.
access-list inside_access_in extended deny ip host 10.170.150.188 any
And it blocked the outside access, but it also blocks intra-subnet access (like from 10.170.150.88 to 10.170.150.23). My motive is to block internet access only.
Thanks
01-25-2021 09:38 AM
Right, then put another ACL rule above that deny rule that permits traffic to 10.0.0.0 255.0.0.0 or, more specifically, your internal subnets. This should permit the internal access traffic, and the rest then matches the deny rule below to block the internet access.
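As an added example (not posted by anyone in the thread), the following Python model replays the ASA's first-match evaluation over the inside_access_in ACL exactly as it appears in the show access-list output above, so the two points made in the replies can be checked: the original line 5 with destination "interface outside" only matches packets sent to the ASA's own outside address, so internet traffic falls through to line 7; rewriting it as "deny ip host 10.170.150.188 any" then shadows every internal destination for that host, including old line 6; and a permit for the internal ranges placed above the deny restores internal access while still blocking the internet. The address that "interface outside" resolves to is taken from the packet-tracer NAT phase ("Dynamic translate ... to 72.138.52.94", which is the interface address because the NAT rule uses "dynamic interface"); the extra permit for 192.168.125.0/24 in the fixed ACL is an assumption added here, since that subnet is the destination of old line 6 and 10.0.0.0/8 does not cover it. Only ip and icmp entries are modelled (no ports, no object-groups); the object and object-group lines are written in their expanded form.

```python
import ipaddress

# Address that the "interface outside" ACL keyword resolves to. Taken from the
# packet-tracer NAT phase above ("Dynamic translate ... to 72.138.52.94"): with
# "nat (any,outside) dynamic interface" the mapped address is the outside
# interface's own IP. Assumed for this model; confirm on the box with
# "show interface outside ip brief".
INTERFACE_ADDRS = {"outside": "72.138.52.94"}


def _parse_addr(tok, i):
    """Parse one ASA address operand at tok[i]; return (network, next index).
    Handles: any | host A.B.C.D | A.B.C.D MASK | interface NAME."""
    t = tok[i]
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    if t == "interface":
        return ipaddress.ip_network(INTERFACE_ADDRS[tok[i + 1]] + "/32"), i + 2
    # "A.B.C.D MASK": ASA extended ACLs use a subnet mask, not a wildcard mask
    return ipaddress.ip_network(f"{t}/{tok[i + 1]}"), i + 2


def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST' lines into
    (action, proto, src_net, dst_net) tuples in configured order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        action, proto = tok[3], tok[4]
        src, i = _parse_addr(tok, 5)
        dst, _ = _parse_addr(tok, i)
        rules.append((action, proto, src, dst))
    return rules


def trace(acl_text, src_ip, dst_ip, proto="tcp"):
    """First-match evaluation, as the ASA applies an inbound interface ACL.
    Returns (ACL line number, action) of the matching entry; if nothing
    matches, the implicit deny at the end of the ACL applies."""
    rules = parse_acl(acl_text)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, (action, rproto, src, dst) in enumerate(rules, start=1):
        if rproto in ("ip", proto) and s in src and d in dst:
            return n, action
    return len(rules) + 1, "deny"


# Lines 1-7 of the ACL as shown in the post (object/object-group entries in
# their expanded form; line 3 reduced to its icmp entry).
ACL_AS_POSTED = """
access-list inside_access_in extended permit ip any 10.130.160.0 255.255.254.0
access-list inside_access_in extended permit ip 10.130.160.0 255.255.254.0 any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any 192.168.6.0 255.255.255.0
access-list inside_access_in extended deny ip host 10.170.150.188 interface outside
access-list inside_access_in extended permit ip 10.170.150.0 255.255.254.0 192.168.125.0 255.255.255.0
access-list inside_access_in extended permit ip any any
"""

# Line 5 rewritten with destination "any", as first suggested in the thread.
ACL_DENY_ANY = ACL_AS_POSTED.replace(
    "deny ip host 10.170.150.188 interface outside",
    "deny ip host 10.170.150.188 any")

# Internal destinations permitted above the deny. 10.0.0.0/8 is the range from
# the reply; 192.168.125.0/24 is an assumption added here because old line 6
# sits below the deny and would otherwise be shadowed for this host.
ACL_FIXED = ACL_DENY_ANY.replace(
    "access-list inside_access_in extended deny ip host 10.170.150.188 any",
    "access-list inside_access_in extended permit ip host 10.170.150.188 10.0.0.0 255.0.0.0\n"
    "access-list inside_access_in extended permit ip host 10.170.150.188 192.168.125.0 255.255.255.0\n"
    "access-list inside_access_in extended deny ip host 10.170.150.188 any")


if __name__ == "__main__":
    variants = (("as posted", ACL_AS_POSTED), ("deny any", ACL_DENY_ANY), ("fixed", ACL_FIXED))
    for name, acl in variants:
        for dst in ("8.8.8.8", "72.138.52.94", "10.170.150.23", "192.168.125.10"):
            print(f"{name:10} 10.170.150.188 -> {dst:15} {trace(acl, '10.170.150.188', dst)}")
```

Running it reproduces the packet-tracer result for the posted ACL (a TCP flow from 10.170.150.188 to 8.8.8.8 matches line 7, while only a flow aimed at 72.138.52.94 itself hits line 5), shows the "deny ... any" variant matching line 5 for every destination, and shows the fixed ordering denying 8.8.8.8 while permitting 10.170.150.23 and 192.168.125.10. On the real firewall the same check is the packet-tracer command from the original post followed by show access-list inside_access_in, where the hitcnt of the deny entry should now increase for internet-bound flows and the permit entries above it for internal ones.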
01-25-2021 09:41 AM
Now you have blocked from the source to any; you also need an ACL to allow the other internal networks.
01-25-2021 09:28 AM
This is the deny, right? What should be the source here?
access-list inside_access_in line 5 extended deny ip host 10.170.150.188 interface outside (hitcnt=0) 0x94b8af68