I've got a situation where I need to log HTTP requests from a couple of systems. I also have regex class-maps that I match on to restrict only certain users from getting on the web.
The default inspection is applied as a global policy, and my regex policy (INBOUND) is applied to the inside interface. I don't get hits on the inspect for this class map:
match access-list MONITOR
access-list MONITOR; 2 elements
access-list MONITOR line 1 extended permit ip host 10.5.5.5 any (hitcnt=0) 0x0c07d07d
access-list MONITOR line 2 extended permit ip host 10.5.5.50 any (hitcnt=0) 0x40f63d6c
class restricted is my "deny" only certain users portion (not shown above)
inspect http RESTRICTED_INTERNET
I removed the service policy from the interface and reapplied it, but when I did a "sho service-policy inspect http", I don't have any hits on this at all. This DOES work on a 5505, but this is a 5550 and I'm wondering if I'm missing something. I also removed the inspects from the default inspection to see if that was stopping it, but it didn't help.
I'm seeing hits come into the ASA from the outside in that are requesting resources on the inside network, but the only thing that I'm logging from the inside out is the regex policy map denies.