Hrm,
I suppose I could drop a mirror on the port that the internal device is using 
and see what's being done then.



Thanks for that insight!
jlc



________________________________
From: Aaron T. Rohyans [EMAIL PROTECTED]
Sent: Friday, June 20, 2008 5:28 AM
To: NT System Admin Issues
Subject: Re: PIX Acl's

ACL hit count logging on the PIX/ASA is based on traffic flow matching rather 
than individual packet matching.  A flow is a session between Src IP, Dst IP, 
and possibly Port Pair.  My guess is that the traffic flow initiated on one 
port (the one where the hit count goes up), then got redirected to a different 
port.  Being the same flow, I wouldn't expect the hit count to go up on the 
"redirected to" port.  Also, the PIX/ASA only logs one hit count per flow - so 
don't be surprised if you know the ACL is being matched several times, but the 
hit counter only increases by a few.  Again, it is based on unique flow "hits".

Weird I know... but PIX/ASA Access List logging is a bit different than IOS 
logging.

HTH,
Aaron
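To make the per-flow versus per-packet distinction Aaron describes concrete, here is an added example (it is not code from either message, and nothing in it comes from Cisco). It models a single hypothetical ACE (the equivalent of a "permit tcp any host 10.0.0.5 eq 80") against constructed packet records and counts matches two ways: once per matching packet, as an IOS-style counter would, and once per newly seen 5-tuple, as the message says the PIX/ASA hit counter behaves. The IP addresses, ports and packet sequence are all made up for the illustration.

```python
"""Per-flow vs per-packet ACL hit counting (constructed example, not from the thread)."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Set, Tuple

FlowKey = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def web_ace(pkt: Packet) -> bool:
    """Hypothetical ACE: permit tcp any host 10.0.0.5 eq 80 (assumed, not from the post)."""
    return pkt.proto == "tcp" and pkt.dst == "10.0.0.5" and pkt.dport == 80


def flow_key(pkt: Packet) -> FlowKey:
    """The 5-tuple (proto, src, sport, dst, dport) that identifies one flow."""
    return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)


def count_hits(packets: Iterable[Packet], ace: Callable[[Packet], bool]) -> Tuple[int, int]:
    """Return (per_packet_hits, per_flow_hits) for one ACE.

    per_packet_hits increments on every matching packet (IOS-style counting).
    per_flow_hits increments only the first time a matching packet's 5-tuple is
    seen, which is the PIX/ASA behaviour described in the message: many packets,
    few unique flows, so the hit counter "only increases by a few".
    """
    per_packet = 0
    flows_seen: Set[FlowKey] = set()
    for pkt in packets:
        if not ace(pkt):
            continue  # non-matching traffic never touches either counter
        per_packet += 1
        key = flow_key(pkt)
        if key not in flows_seen:
            flows_seen.add(key)  # new session: this is the only event the ASA counts
    return per_packet, len(flows_seen)


def sample_traffic() -> List[Packet]:
    """Constructed traffic: two interleaved HTTP sessions to 10.0.0.5:80
    (five and three packets) plus one HTTPS packet the web ACE does not match."""
    a = Packet("tcp", "192.168.1.10", 51000, "10.0.0.5", 80)
    b = Packet("tcp", "192.168.1.11", 52000, "10.0.0.5", 80)
    other = Packet("tcp", "192.168.1.12", 53000, "10.0.0.5", 443)
    return [a, b, a, a, b, other, a, a, b]


if __name__ == "__main__":
    pkts, flows = count_hits(sample_traffic(), web_ace)
    print(f"packets matching the ACE (per-packet counter): {pkts}")
    print(f"unique flows matching the ACE (PIX/ASA hit count): {flows}")
```

Running it shows eight matching packets but only two flow hits, which is the gap between "I know the ACL is being matched several times" and a counter that barely moves. The same model also shows why a port mirror, as jlc suggests, is the better tool for seeing individual packets: the firewall's counter was never designed to report them.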
