I am trying to figure out what is hitting an acl on this ASA that we just took on. I am cleaning it up and there is one allow any any to any any on all IP rule at the bottom of inside int list that keeps getting a lot of hits. (it was at the top and I moved it to the bottom and it is still getting hits)
I have added in more specific rules for everything we believe we need so it should not be necessary.
I can see that it has an identifier similar to "0xa92XXXX" however I do not see it any of the logs nor others like it mentioned.
I have logging set to debug and capture while watching the hits go up on the acl.
I want to get rid of it and I would just take it out but my director wants me to verify what is hitting it first.
Any suggestions?
No comments:
Post a Comment