I am experiencing a very similar issue. I have created an SSL policy that is configured to perform decrypt-known key for a single web server on our inside network. Like you mentioned, a lot of SSL traffic from various users to/from various sites is being blocked with “SSL Blocked (Decryption Error)” even though I only have the one server configured in my SSL policy and the default action is to not decrypt. I’m also running FP on top of ASA 5516-X in monitor only mode. I’m not going to place the FP inline until this is resolved.