07-11-2011 11:00 AM - edited 03-03-2019 06:19 AM
Hello. We have the following settings on our switch. We created an ACL and applied it to an SVI for incoming traffic. I understand that it is not necessary to allow the returning traffic in the ACL, but we can't access RDP, for example, when we add the ACL; if we remove it, the access is OK, but when we add it again the access is denied, and we even have a log entry, and the ACL is just for incoming traffic. There is no other ACL. What should we check? What are we missing here?
Please see attached file
Thanks in Advance
interface Vlan64
ip address 10.147.64.254 255.255.255.0
ip access-group 134 in
access-list 134 permit udp any any eq bootpc log
access-list 134 permit udp any any eq bootps log
access-list 134 permit ip any 172.30.146.0 0.0.0.255
access-list 134 permit ip any 172.23.146.0 0.0.0.255
access-list 134 permit ip any 10.146.137.0 0.0.0.63
access-list 134 permit ip any 10.146.137.128 0.0.0.63
access-list 134 permit ip any host 10.146.81.240 log
access-list 134 permit ip any host 10.146.46.250
access-list 134 permit ip any host 10.146.46.157
access-list 134 permit ip 10.147.64.0 0.0.0.255 host 10.146.46.228
access-list 134 permit ip 10.147.64.0 0.0.0.255 host 10.146.137.99
access-list 134 deny ip any 192.168.0.0 0.0.255.255
access-list 134 permit tcp any host 172.27.72.27 eq www
access-list 134 deny ip any 172.16.0.0 0.15.255.255
“The next entry generates a log when I try RDP from 10.146.40.29 to 10.147.64.39”
access-list 134 deny ip any 10.0.0.0 0.255.255.255 log
access-list 134 deny ip any host 98.139.60.248 log
access-list 134 permit ip any any
access-list 134 permit icmp any any
"This is the log shown"
25w6d: %SEC-6-IPACCESSLOGP: list 134 denied tcp 10.147.64.38(3389) -> 10.146.40.29(1150), 1 packet
07-12-2011 02:19 PM
What you are missing is a statement in the access list to permit traffic to the subnet of 10.146.40.0. Since there is no statement to permit this traffic, the line access-list 134 deny ip any 10.0.0.0 0.255.255.255 log denies the traffic as it should.
To fix this problem you need to add a statement in the access list before that line to permit the traffic. The line might look something like this:
access-list 134 permit ip any 10.146.40.0 0.0.0.255
HTH
Rick
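To see why the reply is logged, it helps to walk the ACL the way IOS does: first match wins, top to bottom, and an inbound list on an SVI sees packets arriving from the hosts in that VLAN, so what it filters here is the RDP server's reply (source 10.147.64.38, port 3389). The following Python evaluator is an added example, not code from the thread or from Cisco; it parses the numbered ACL exactly as posted, ignores the `log` keyword (it does not affect matching), and evaluates the logged packet against the original list and against the list with Rick's suggested permit inserted in front of the `deny ip any 10.0.0.0` line. The port names `bootpc`, `bootps` and `www` are resolved to 68, 67 and 80 as IOS does; the `Packet` objects are constructed from the log line.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

NAMED_PORTS = {"bootpc": 68, "bootps": 67, "www": 80}

@dataclass
class Ace:
    action: str
    proto: str
    src_net: int
    src_wild: int
    sport: Optional[int]
    dst_net: int
    dst_wild: int
    dport: Optional[int]
    text: str

@dataclass
class Packet:
    proto: str
    src: int
    sport: int
    dst: int
    dport: int

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tok, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' at tok[i]."""
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2

def _parse_port(tok, i):
    """Consume an optional 'eq PORT' (name or number) at tok[i]."""
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        return (int(p) if p.isdigit() else NAMED_PORTS[p]), i + 2
    return None, i

def parse_ace(line):
    tok = line.split()
    if tok[0] == "access-list":          # strip the 'access-list 134' prefix
        tok = tok[2:]
    action, proto = tok[0], tok[1]
    src_net, src_wild, i = _parse_addr(tok, 2)
    sport, i = _parse_port(tok, i)
    dst_net, dst_wild, i = _parse_addr(tok, i)
    dport, i = _parse_port(tok, i)       # anything after this ('log') is ignored
    return Ace(action, proto, src_net, src_wild, sport, dst_net, dst_wild, dport, line.strip())

def _addr_match(addr, net, wild):
    """Wildcard-mask compare: bits set in the wildcard are don't-care bits."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)

def ace_matches(ace, pkt):
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if not _addr_match(pkt.src, ace.src_net, ace.src_wild):
        return False
    if not _addr_match(pkt.dst, ace.dst_net, ace.dst_wild):
        return False
    if ace.sport is not None and ace.sport != pkt.sport:
        return False
    return ace.dport is None or ace.dport == pkt.dport

def evaluate(acl, pkt):
    """First-match evaluation as IOS does; implicit deny if nothing matches."""
    for idx, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, idx, ace.text
    return "deny", -1, "implicit deny"

def packet(proto, src, sport, dst, dport):
    return Packet(proto, _ip(src), sport, _ip(dst), dport)

# The ACL as posted in the thread, in the posted order.
ORIGINAL_ACL = [parse_ace(l) for l in """
access-list 134 permit udp any any eq bootpc log
access-list 134 permit udp any any eq bootps log
access-list 134 permit ip any 172.30.146.0 0.0.0.255
access-list 134 permit ip any 172.23.146.0 0.0.0.255
access-list 134 permit ip any 10.146.137.0 0.0.0.63
access-list 134 permit ip any 10.146.137.128 0.0.0.63
access-list 134 permit ip any host 10.146.81.240 log
access-list 134 permit ip any host 10.146.46.250
access-list 134 permit ip any host 10.146.46.157
access-list 134 permit ip 10.147.64.0 0.0.0.255 host 10.146.46.228
access-list 134 permit ip 10.147.64.0 0.0.0.255 host 10.146.137.99
access-list 134 deny ip any 192.168.0.0 0.0.255.255
access-list 134 permit tcp any host 172.27.72.27 eq www
access-list 134 deny ip any 172.16.0.0 0.15.255.255
access-list 134 deny ip any 10.0.0.0 0.255.255.255 log
access-list 134 deny ip any host 98.139.60.248 log
access-list 134 permit ip any any
access-list 134 permit icmp any any
""".strip().splitlines()]

# Rick's fix: the permit must sit ahead of the 10.0.0.0/8 deny.
DENY_IDX = next(i for i, a in enumerate(ORIGINAL_ACL) if "10.0.0.0" in a.text)
FIXED_ACL = list(ORIGINAL_ACL)
FIXED_ACL.insert(DENY_IDX, parse_ace("access-list 134 permit ip any 10.146.40.0 0.0.0.255"))

# The packet from the %SEC-6-IPACCESSLOGP line: the RDP server's reply entering the SVI.
RDP_REPLY = packet("tcp", "10.147.64.38", 3389, "10.146.40.29", 1150)

if __name__ == "__main__":
    print("original:", evaluate(ORIGINAL_ACL, RDP_REPLY))
    print("fixed:   ", evaluate(FIXED_ACL, RDP_REPLY))
```

Against the original list the reply reaches entry 14 (`deny ip any 10.0.0.0 0.255.255.255 log`) and is dropped, which is exactly the logged event; with the permit for 10.146.40.0/24 inserted ahead of it the same packet is permitted at that position. Walking the list this way also shows that the final `permit icmp any any` sits after `permit ip any any` and can never be matched.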