Hit count in ASA

mahesh18
Level 6

Hi everyone,

Need to confirm how hit count is incremented in ASA.

I am pinging an IP from a PC connected to the ASA.

The PC has sent 4 packets.

Here is the ASA info:

ciscoasa#                                                         sh access-li$

access-list cached ACL log flows: total 1, denied 0 (deny-flow-max 4096)

            alert-interval 300

access-list ICMP; 1 elements; name hash: 0x2d2cf426

access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=3) 0x0b307247

ciscoasa#  ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=33 len=32

ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335

ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=33 len=32

ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1

ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=34 len=32

ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335

ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=34 len=32

ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1

ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=35 len=32

ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335

ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=35 len=32

ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1

ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=36 len=32

ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335

ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=36 len=32

ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1

ciscoasa#                                                         sh access-li$

access-list cached ACL log flows: total 1, denied 0 (deny-flow-max 4096)

            alert-interval 300

access-list ICMP; 1 elements; name hash: 0x2d2cf426

access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=4) 0x0b307247

We can see that after the ping the hit count has gone from 3 to 4.

So does this mean that for every 4 packets sent by the PC the hit count increments by 1?

Thanks

Mahesh
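
An added example, not part of the original post: a small Python parser that reads `hitcnt` for each ACE from the two `show access-list` snapshots and counts the distinct echo request and reply sequence numbers in the debug trace between them, so the counter delta can be compared with the packets actually seen. The function name `hit_count_report` and the regexes are this example's own; the sample lines are copied from the output above, with the NAT translation lines reduced to one.

```python
import re

# Lines copied from the session in the post above. Only one NAT "translating"
# line is kept, to show that the parser ignores it.
SESSION = """\
access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=3) 0x0b307247
ciscoasa#  ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=33 len=32
ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335
ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=33 len=32
ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=34 len=32
ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=34 len=32
ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=35 len=32
ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=35 len=32
ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=36 len=32
ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=36 len=32
access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=4) 0x0b307247
"""

# An ACE line ends with "(hitcnt=N) 0x<id>"; the trailing hex id identifies the ACE.
ACE_RE = re.compile(r"access-list \S+ line \d+ .*\(hitcnt=(?P<hitcnt>\d+)\)\s+(?P<id>0x[0-9a-f]+)")
# Matches only the "from ... to ..." packet lines, not the NAT translation lines.
ICMP_RE = re.compile(r"ICMP echo (?P<kind>request|reply) from \S+ to \S+ ID=\d+ seq=(?P<seq>\d+)")


def hit_count_report(text):
    """Return the per-ACE hitcnt change and the number of distinct echo packets seen."""
    hits = {}                                   # ACE id -> hitcnt values in order seen
    seqs = {"request": set(), "reply": set()}   # distinct ICMP sequence numbers
    for line in text.splitlines():
        ace = ACE_RE.search(line)
        if ace:
            hits.setdefault(ace.group("id"), []).append(int(ace.group("hitcnt")))
            continue
        pkt = ICMP_RE.search(line)
        if pkt:
            seqs[pkt.group("kind")].add(int(pkt.group("seq")))
    return {
        "hitcnt_delta": {ace: counts[-1] - counts[0] for ace, counts in hits.items()},
        "echo_requests": len(seqs["request"]),
        "echo_replies": len(seqs["reply"]),
    }


if __name__ == "__main__":
    print(hit_count_report(SESSION))
```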
