ACL Optimizer is to minimize the number of ACEs in an ACL and are you saying you are not seeing any hits in configured rule base via ASDM,If yes then in order to view how many packets have moved via a certain ACL you need to configure logging message for that rule to informational to see what is passing through the rule.
The number of hits in the rule is dynamically updated depending on the frequency set in the Preferences dialog box. Hit counts are applicable for explicit rules only. No hit count will be displayed for implicit rules in the Access Rules table.
If I clearly understand (my english is not the best), I have the same problem.
Maybe our access-lists are to long, to much. I have 3 countext, 2 of them shows good the hitcnt in ASDM (more less access-lists) and 1 of them worked well, but I just increased the rules, and suddenly not being displayed.
ASDM always sends a request for all ACLs in one HTTP server request string to the FWSM. The FWSM device is unable to handle the super long request to its HTTPS server from the ASDM, runs out of buffer space, and finally drops the request. When you have too many access lists, the request from ASDM to the FWSM becomes too long for the FWSM to process. As a result, it does not get the correct response. This is an expected behavior with the functionality of ASDM and the FWSM. Bugs CSCta01974 (registered customers only) and CSCsz14320(registered customers only) have been filed to address this behavior with no known workaround. A temporary workaround is to use the CLI to monitor the ACL hits.
There are several other bugs filed to address this issue which are superseded by another bug, CSCsl15055 (registered customers only) . This bug shows that the issue is fixed in 6.1(1.54). For the FWSM, the fixed ASDM version is 6.2.1F. The issue has been fixed by tweaking how the ASDM queries the FWSM for the ACL information. Instead of sending one big, long request string that contains all the access list information, the ASDM now splits them into multiple meaningful requests and sends to the FWSM for processing.
Note: The access list hit count entry on the FWSM is supported from version 4.0 onwards.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...