Unable to log http requests

John Blakley
VIP Alumni

All,

I've got a situation where I need to log http requests from a couple of systems. I also have regex class-maps that I match on to restrict only certain users from getting on the web.

The default inspection is applied as a global policy, and my regex policy (INBOUND) is applied to the inside interface. I don't get hits on the inspect for this class map:

class-map REPORT
 match access-list MONITOR

access-list MONITOR; 2 elements
access-list MONITOR line 1 extended permit ip host 10.5.5.5 any (hitcnt=0) 0x0c07d07d
access-list MONITOR line 2 extended permit ip host 10.5.5.50 any (hitcnt=0) 0x40f63d6c

policy-map INSIDE
 class RESTRICTED
  inspect http RESTRICTED_INTERNET
 class REPORT
  inspect http
!

(class RESTRICTED is my "deny" only certain users portion; its definition is not shown above.)

I removed the service policy from the interface and reapplied it, but when I did a "sho service-policy inspect http", I don't have any hits on this at all. This DOES work on a 5505, but this is a 5550 and I'm wondering if I'm missing something. I also removed the inspects from the default inspection to see if that was stopping it, but it didn't help.

I'm seeing hits come into the ASA from the outside that request resources on the inside network, but the only thing that I'm logging from the inside out is the regex policy-map denies.

Thanks!

John

HTH, John *** Please rate all useful posts ***
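As an added example that is not part of the thread and not a Cisco tool: a small Python helper that parses the `show access-list` output format quoted in the post (`access-list NAME line N extended permit|deny PROTO SRC DST (hitcnt=N) HASH`) and answers the two questions a practitioner asks when a class-map's ACL shows no hits: which ACEs have a zero hit count, and which ACE (if any) a given source/destination pair would match under the ASA's top-down, first-match evaluation. The sample input is constructed from the lines in the post; IP addresses used in the usage call are documentation-range placeholders. Only `host A.B.C.D`, `any`, and `ADDR MASK` address forms are handled; object-group references are skipped.

```python
import ipaddress
import re

# Constructed sample, copied from the "show access-list MONITOR" lines in the post above.
SAMPLE_SHOW_ACCESS_LIST = """\
access-list MONITOR; 2 elements
access-list MONITOR line 1 extended permit ip host 10.5.5.5 any (hitcnt=0) 0x0c07d07d
access-list MONITOR line 2 extended permit ip host 10.5.5.50 any (hitcnt=0) 0x40f63d6c
"""

# One ACE line. Address operands are "host X", "any", or "ADDR MASK";
# lines using object-groups or port qualifiers will not match and are skipped.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended "
    r"(?P<action>permit|deny) (?P<proto>\S+) "
    r"(?P<src>host \S+|any|\S+ \S+) "
    r"(?P<dst>host \S+|any|\S+ \S+) "
    r"\(hitcnt=(?P<hits>\d+)\)"
    r"(?:\s+(?P<hash>0x[0-9a-fA-F]+))?"
)


def parse_ace(line):
    """Return a dict for one ACE line, or None if the line is not an ACE."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    ace = m.groupdict()
    ace["line"] = int(ace["line"])
    ace["hits"] = int(ace["hits"])
    return ace


def parse_show_access_list(text):
    """Parse the whole 'show access-list' output, preserving ACE order."""
    return [ace for ace in (parse_ace(l) for l in text.splitlines()) if ace]


def to_network(spec):
    """Convert an ACE address operand to an ip_network for membership tests."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec.split()[1] + "/32")
    addr, mask = spec.split()          # ASA uses a subnet mask, not a prefix length
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def first_match(aces, src_ip, dst_ip):
    """Model ASA ACL evaluation: first ACE (by line order) whose src/dst cover the pair."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for ace in aces:
        if src in to_network(ace["src"]) and dst in to_network(ace["dst"]):
            return ace
    return None


def zero_hit_aces(aces):
    """ACEs whose counter has not moved; the class-map is not seeing that traffic."""
    return [ace for ace in aces if ace["hits"] == 0]


if __name__ == "__main__":
    aces = parse_show_access_list(SAMPLE_SHOW_ACCESS_LIST)
    for ace in zero_hit_aces(aces):
        print(f"{ace['acl']} line {ace['line']}: {ace['src']} -> {ace['dst']} has hitcnt=0")
    # 198.51.100.10 is a documentation-range placeholder for an outside web server.
    hit = first_match(aces, "10.5.5.50", "198.51.100.10")
    print("10.5.5.50 -> 198.51.100.10 matches line", hit["line"] if hit else None)
    print("10.5.5.6  -> 198.51.100.10 matches line", first_match(aces, "10.5.5.6", "198.51.100.10"))
```

Run it against a fresh `show access-list` capture after generating traffic from one of the monitored hosts: if `first_match` says the host is covered but the ACE's hitcnt is still zero, the flow is not reaching that class in the policy applied to that interface, which narrows the problem to where the service-policy is attached rather than to the ACL contents.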

Yudong Wu
Level 7

Not sure why it does not work on 5550 but you might try this:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1431359
