Just installed some new ASAs to replace our old 520 PIX boxes and I'm seeing some interesting traffic being denied. The traffic originates from various websites (that our users are accessing without difficulties) and is destined for our proxy server. A sample error is included below. I've changed the proxy server address.
4 Apr 24 2007 14:12:06 106023 22.214.171.124 10.1.1.1 Deny tcp src outside:126.96.36.199/80 dst inside:10.1.1.1/59584 by access-group "outside_access_in" [0x0, 0x0]
Its strange because obviously no ACL is required in this setup because any traffic coming back to the proxy server should already be part of an existing conversation. It isn't causing operational issues as far as I can tell but I'd like to understand the messages or suppress them so they don't fill my logs up.