Hits seen in Top 10 Access Rules but not in CLI

saabqmacs · ‎11-08-2013

ASA Version: 8.2(2)

ASDM Version: 6.2(5)

Device Type ASA 5510

I see hits in the "Top 10 Access Rules" but see nothing in the "Access Rules" page and the CLI. Does this look like a bug or am I missing something? Thanks in advance!

Top 10 Access rules show hits. For e.g. Rule 177, 189, and 190.

The Access Rules page in ASDM does not show any hits but has "Top 10" marked.

The CLI shows no hits for rule 177:

MyASA# show access-list | include 177

access-list outside_access_in line 177 extended permit object-group TCPUDP object-group MyName object-group ActiveDirectoryServers object-group ActiveDirectory 0x0a4449d8

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 389 (hitcnt=0) 0xa44bd570

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 445 (hitcnt=0) 0x4c0d225b

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 88 (hitcnt=0) 0xda11f206

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq domain (hitcnt=0) 0xadb35eeb

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq ntp (hitcnt=0) 0x54e1942c

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 3268 (hitcnt=0) 0x4815484d

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 135 (hitcnt=0) 0x4ee5e504

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 range 1025 1026 (hitcnt=0) 0x78c1a00a

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq www (hitcnt=0) 0x547c7f3f

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 139 (hitcnt=0) 0x675a8434

access-list outside_access_in line 177 extended permit udp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 range 49152 49200 (hitcnt=0) 0x041ee127

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq ldap (hitcnt=0) 0xefd4becb

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 445 (hitcnt=0) 0x22c6df99

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 88 (hitcnt=0) 0x6c69d270

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq domain (hitcnt=0) 0x958ad172

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 123 (hitcnt=0) 0x004630da

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 3268 (hitcnt=0) 0x3b13d00e

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq 135 (hitcnt=0) 0x98307d89

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 range 1025 1026 (hitcnt=0) 0xd1d12d12

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq www (hitcnt=0) 0x46d6d2ed

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 eq netbios-ssn (hitcnt=0) 0x20a6e7bf

access-list outside_access_in line 177 extended permit tcp 10.14.7.0 255.255.255.0 10.100.100.0 255.255.255.0 range 49152 49200 (hitcnt=0) 0x15dbf9ad

Marius Gunnerud · ‎11-11-2013

This does sound a lot like a bug, though I have not been able to find any bug reports about it. If it is an option, try upgrading the ASA and ASDM to a slightly newer version.

--
Please remember to select a correct answer and rate helpful posts

Marius Gunnerud · ‎11-15-2013

Were you able to upgrade the ASA and ASDM? did this solve the issue?

Please rate any helpful posts.

--
Please remember to select a correct answer and rate helpful posts

jumora · ‎11-17-2013

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=%20 CSCsl30904