ASA ACL logging return traffic

pwu
Beginner

I have an ASA running 8.0(4). I am auditing the connections that are flowing through the firewall. I have done this by adding an 'ip any any log' rule to the end of my configured ACLs so that I can see what type of traffic is not matching.

What I am seeing in the log is what looks like return traffic, or the SYN/ACK from a connection attempt. It is confusing because the log shows the source and destination to be opposite of what I would expect. I would expect the firewall to maintain state and the ACL to not care about return packets. Is this standard behavior on the ASA, or is this a bug? Is there a way to suppress this output if it really is just return packets that the ASA will allow by default?
