I am working with a client whom is using a Failover pair of Cisco ASA 5520 appliances. This morning I had been tasked wiht tweaking an ACL that they have attached to a WAN interface on the ASA's.
As I am watching the Hit counts on ASDM, I notice that ASDM does not seem to project an accurate number of hit counts on ACE statements that match. The reason I am saying this is because I have ran several capture traces this morning on that interface, and the volume of traffic on the interface far exceeds that which ASDM shows.
An example would be an ACE that says "access-list itchy permit tcp host 192.168.1.239 host 192.168.101.21 eq 10566"
I am using this example because I see a huge amount of traffic that should qualify as "Hits" traversing the interface, but the hit count is much smaller than the traffic I am seeing.
Has anyone else ever witnessed this behavior in ASDM? I am wondering if ASDM only shows a representaiton or sampling of actual Hits, and therefore will never exactly match what the actual traffic load is...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...