trying to troubleshoot a host that sits behind a configured interface on a FWSM running 3.1(7). There is an ACL applied to this interface and its filtering other traffic for this host I am troubleshooting and it shows hits on the acl's, however, I put an entry in this acl for this host going to a particular destination and assigned it to line 1, and when the host tries to go to this destination (by ip, not hostname) I get no hits on the ACL. He gets a connection refused which tells me is he making it to the remote host, but why I'm not seeing a hit when its on line 1 is confusing me. I'm quite familiar with acl's so I know its applied correctly, no typo's, etc. And I also and filtering on the address on my syslog box and I don't see his attempts making it to the syslog. In fact, I only see deny traffic on the syslog for ANY address, so it may be my logging levels are not set right. Do I need to set it to trap at the debugging level to see permitted connections? In any case, why is this hitcounter not incrementing?