I'm running a PIX 525 with software version 7.2(2). I'm having a weird ACL problem. I've inserted a few lines at the beginning of the ACL inside_access_out; however, the firewall seems to ignore them and just skip to the end. Here is what I get from the show access-list command (my IP is 10.14.2.39):
access-list inside_access_out; 13 elements
access-list inside_access_out line 1 extended permit ip host 10.14.2.39 host x.x.x.x(hitcnt=0) 0x7a832d4
access-list inside_access_out line 2 extended permit ip host 10.14.2.39 any (hitcnt=0) 0x28f7c337
access-list inside_access_out line 4 extended permit ip host 10.11.2.184 host x.x.x.x (hitcnt=0) 0x331c68af
access-list inside_access_out line 5 extended permit ip host 10.14.2.30 host x.x.x.x (hitcnt=0) 0x2a424acd
access-list inside_access_out line 6 extended permit ip host 10.14.2.68 host x.x.x.x (hitcnt=0) 0xc049a2b
access-list inside_access_out line 7 extended permit ip host 10.14.2.52 host x.x.x.x (hitcnt=0) 0x8be52cb1
access-list inside_access_out line 8 extended permit ip 192.168.14.0 255.255.255.0 host x.x.x.x (hitcnt=0) 0xfbe0b816
access-list inside_access_out line 9 extended permit tcp any any eq www (hitcnt=10659185) 0xe7714247
access-list inside_access_out line 10 extended permit tcp any any eq https (hitcnt=1505514) 0xec7b1d
access-list inside_access_out line 11 extended permit icmp any any (hitcnt=464352) 0x4416cbd7
access-list inside_access_out line 12 extended permit udp any any (hitcnt=10074659) 0x9c2207a6
access-list inside_access_out line 13 extended permit ip any any (hitcnt=2341790) 0xbc49651
access-group inside_access_out out interface outside
I replaced some IP addresses with x.x.x.x.
As you can see, all the lines before the tcp any any www line get a hit count of 0. Any idea why that would be? I know I've initiated www traffic (and many other types of traffic), yet it doesn't seem to register.