05-25-2011 02:01 PM - edited 03-11-2019 01:38 PM
I have an ASA running 8.0(4). I am auditing the connections that are flowing through the firewall. I have done this by adding an 'ip any any log' rule to the end of my configured ACLs so that I can see what type of traffic is not matching.
What I am seeing in the log is what looks like return traffic, or the SYN/ACK from a connection attempt. It is confusing because the log shows the source and destination to be the opposite of what I would expect. I would expect the firewall to maintain state and the ACL to not care about return packets. Is this standard behavior on the ASA, or is this a bug? Is there a way to suppress this output if it really is just return packets that the ASA will allow by default?
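When reviewing ACL log output like the poster describes, it helps to separate entries whose source and destination look reversed (a service port talking back to an ephemeral client port, the shape of a SYN/ACK or other reply) from entries that look like genuine new connection attempts. The script below is an added example, not part of the original post or any Cisco tooling. It parses `%ASA-6-106100` access-list messages following the documented message layout as I understand it (`access-list NAME permitted|denied|est-allowed PROTO iface/src(sport) -> iface/dst(dport) hit-cnt N ...`); the log lines, interface names and addresses in it are constructed, and the 1024 ephemeral-port threshold is an assumption.

```python
"""Triage ASA 106100 access-list log lines: flag entries that have the shape of
return traffic (service port -> ephemeral port) versus new connection attempts.

Added example; not from the original post. The 106100 message layout is taken
from the documented format as understood by the example's author; the sample
log lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Matches: %ASA-6-106100: access-list NAME permitted tcp
#   iface/1.2.3.4(80) -> iface/5.6.7.8(51000) hit-cnt 1 first hit [0x..., 0x...]
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\w+) "
    r"(?P<sif>\S+?)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>\S+?)/(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

# Assumption: ports at or above this are treated as client-side ephemeral ports.
EPHEMERAL_MIN = 1024


@dataclass
class AclHit:
    acl: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def looks_like_return_traffic(self) -> bool:
        """Heuristic: a low (service) source port sending to a high (ephemeral)
        destination port is the shape of a reply, e.g. a server's SYN/ACK,
        rather than a fresh connection attempt toward a service. This is a
        triage aid only; some server-initiated traffic has the same shape."""
        return self.proto in ("tcp", "udp") and self.sport < EPHEMERAL_MIN <= self.dport


def parse_line(line: str) -> Optional[AclHit]:
    """Parse one 106100 line; return None for any other message type."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return AclHit(acl=m["acl"], action=m["action"], proto=m["proto"].lower(),
                  src=m["src"], sport=int(m["sport"]),
                  dst=m["dst"], dport=int(m["dport"]))


def triage(lines: List[str]) -> Dict[str, list]:
    """Bucket log lines into likely-return, likely-new, and unparsed."""
    result: Dict[str, list] = {"return": [], "new": [], "unparsed": []}
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            result["unparsed"].append(line)
        elif hit.looks_like_return_traffic():
            result["return"].append(hit)
        else:
            result["new"].append(hit)
    return result


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOGS = [
    "%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.10(443) -> inside/192.0.2.25(52110) hit-cnt 1 first hit [0x0, 0x0]",
    "%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.20(49152) -> inside/192.0.2.30(22) hit-cnt 3 300-second interval [0x0, 0x0]",
    "%ASA-6-106100: access-list outside_in permitted udp outside/203.0.113.5(53) -> inside/192.0.2.40(61000) hit-cnt 1 first hit [0x0, 0x0]",
    "%ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.20/49152 (203.0.113.20/49152) to inside:192.0.2.30/22 (192.0.2.30/22)",
]

if __name__ == "__main__":
    buckets = triage(SAMPLE_LOGS)
    for hit in buckets["return"]:
        print(f"likely return traffic: {hit.proto} {hit.src}:{hit.sport} -> {hit.dst}:{hit.dport}")
    for hit in buckets["new"]:
        print(f"new connection attempt: {hit.proto} {hit.src}:{hit.sport} -> {hit.dst}:{hit.dport}")
    print(f"{len(buckets['unparsed'])} line(s) were not 106100 messages")
```

Run it against a saved syslog export instead of `SAMPLE_LOGS` to see which of the catch-all rule's hits are plausibly replies and which are real unmatched connection attempts worth a dedicated ACL entry. The port heuristic is deliberately simple; correlating each hit with the corresponding connection build/teardown messages would make the classification firmer.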