The PIX does this much better than a router and you do not even need an ACL entry. Make sure you are logging the following syslog messages:
302013 - Built TCP connection
302014 - Teardown TCP connection
302015 - Built UDP connection
302016 - Teardown UDP connection
I wrote a perl script that is capable of quickly summarizing information gathered by these messages. I could send it to you if you like.
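A sketch of the kind of summary these four messages allow, added here as an example; it is not Kevin's Perl script and not part of the original post. It assumes the PIX 6.x message layout with interface-qualified addresses; the function name `summarize`, the hostname `fw` and all sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed PIX 6.x layout for messages 302013-302016).
SAMPLE = """\
Mar 01 10:00:01 fw %PIX-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1025 (203.0.113.5/1025)
Mar 01 10:00:02 fw %PIX-6-302015: Built outbound UDP connection 102 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.0.0.5/1026 (203.0.113.5/1026)
Mar 01 10:00:06 fw %PIX-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/80 to inside:10.0.0.5/1025 duration 0:00:05 bytes 1234 TCP FINs
Mar 01 10:00:09 fw %PIX-6-302013: Built outbound TCP connection 103 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.7/1030 (203.0.113.7/1030)
Mar 01 10:02:03 fw %PIX-6-302016: Teardown UDP connection 102 for outside:192.0.2.53/53 to inside:10.0.0.5/1026 duration 0:02:01 bytes 120
Mar 01 10:03:00 fw %PIX-6-302013: Built outbound TCP connection 104 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1027 (203.0.113.5/1027)
Mar 01 10:03:30 fw %PIX-6-302014: Teardown TCP connection 104 for outside:192.0.2.10/80 to inside:10.0.0.5/1027 duration 0:00:30 bytes 5000 TCP Reset-I
"""

BUILT = re.compile(r"%PIX-\d-30201[35]: Built (?:\w+ )?(TCP|UDP) connection (\d+) ")
TEARDOWN = re.compile(
    r"%PIX-\d-30201[46]: Teardown (TCP|UDP) connection (\d+) for "
    r"(\w+):([\d.]+)/(\d+) to (\w+):([\d.]+)/(\d+) "
    r"duration (\d+):(\d\d):(\d\d) bytes (\d+)")

def summarize(text):
    """Return (per-flow totals, connection ids built but never torn down)."""
    open_ids = set()
    flows = defaultdict(lambda: {"conns": 0, "bytes": 0, "seconds": 0})
    for line in text.splitlines():
        m = BUILT.search(line)
        if m:
            open_ids.add(m.group(2))
            continue
        m = TEARDOWN.search(line)
        if not m:
            continue  # not one of the four connection messages
        proto, cid, _, ip_a, port_a, _, ip_b, _, h, mi, s, nbytes = m.groups()
        open_ids.discard(cid)
        # In the sample the first endpoint is the outside service and the second
        # the inside client; the client's ephemeral port is dropped from the key.
        flow = flows[(ip_b, proto, ip_a, int(port_a))]
        flow["conns"] += 1
        flow["bytes"] += int(nbytes)
        flow["seconds"] += int(h) * 3600 + int(mi) * 60 + int(s)
    return dict(flows), sorted(open_ids)

if __name__ == "__main__":
    flows, still_open = summarize(SAMPLE)
    for key, tot in sorted(flows.items(), key=lambda kv: -kv[1]["bytes"]):
        print(key, tot)
    print("built but no teardown seen:", still_open)
```

Connection ids that appear in a Built message with no matching Teardown are either still open or their teardown fell outside the log window, so they are reported separately rather than counted in the byte totals.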
Kevin, could you also send me the script! I have been looking for something like that (didn't want to reinvent the wheel).
Kevin, I'd love a copy of the script as well. firstname.lastname@example.org.
If anyone is interested I have also written a perl script that shows all unusual messages as well as summaries of all denied packets. I have a version for the Pix 6.2 log files and one for IOS 12.x log files. Not sure if it is the same as Kevin's but I would be happy to share on request.