I'm hoping someone may be able to help with a frustrating issue.
We have a pair of ASAs with IPS modules & we are running ASA software 8.3.1 and ASDM 6.3.1. The problem I am seeing is that ASDM is showing a zero hit count for active rules.
Using the log viewer there are hits that should be matching the rules and if I issue the show access-list command for the list the hit counts are incrementing correctly. Also if I disable the rules in the firewall config screen the traffic is then blocked so I know the rule's active but the hit count remains stubbornly '0'.
When I try to view the rule from the syslog viewer line by right clicking and selecting 'Show Access Rule' I get an error message about not being able to find the rule 'The hash code that identifies the rule can not be found'. If I right click the rule on the firewall config page and select 'show log' the filter that's created uses a different hash code to that shown in the CLI for the access list entry. If I search the CLI output for the hash code ASDM uses it doesn't exist.
Is there any way of refreshing the hash codes in ASDM? I've tried clearing the cache and reloading ASDM on my PC but to no avail. There are several rules displaying this behaviour and it means we have to trawl through hundreds of lines of 'show access-list' output to find any obsolete rules or troubleshoot as we can't rely on the ASDM hit count.
The only references to this I can find on the Cisco website are for CSCsl15055 which is a 'resolved caveat' and only applies to ASDM 6.0.2 which we don't have.
Thanks in advance,
You may be hitting bug ID CSCtg95077. You can reference the details of this bug here:
Seemingly, this bug should be resolved in 8.3(1)8. Let me know if this is indeed a match and mark this post as answered.
Hope this helps!