Hello
I have a question about access-list logging for return traffic. I have an ASA firewall with two interfaces: inside and outside. I have an access-list on the outside interface that allows specific traffic. I also have an access-list on my inside interface that permits any any, with logging informational configured.
When I use the real-time log viewer with the ACL hash to see only syslog messages 106100 for the ACL on the inside interface, I also see permitted return traffic. Is that normal behavior of ACL logging?
Example
192.168.1.1 -----[ASA]----- 192.168.2.1
Outside interface ACL:
permit any 192.168.2.0 eq 80
Inside interface ACL:
permit any any log
When I use the show conn command I can see the connection from outside to inside with flags UIOB. But when I look at the real-time log viewer for the inside ACL I also see that the traffic is matched on the ACL, and the hit counter for the ACL is also increased.
Will my return traffic be permitted if I put a deny 192.168.2.0 eq 80 any statement at the top of the ACL on the inside interface?
Thank you for the answer.
BR
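Added example, not part of the original post and not Cisco's code: a small Python parser for the 106100 messages the poster is filtering on. The sample log lines are constructed, not captured from a real ASA, and follow the message format Cisco documents for syslog 106100 (access-list name, disposition, protocol, in_if/src(port) -> out_if/dst(port), hit-cnt, interval, hash codes). That format has a third disposition keyword besides permitted and denied, est-allowed, which the documentation describes as a packet the ACL itself would have denied but that was allowed because it belonged to an already established connection. The ACL names outside_in and inside_in, the client port 51000, the hash values and the unrelated 302013 line are assumptions. The script pairs each logged record with an earlier permitted record on a different ACL whose 5-tuple is reversed, so it picks out exactly the return traffic described above and reports which disposition the second ACL logged for it.

```python
import re
from collections import Counter

# Regex for the body of ASA syslog message 106100, as Cisco documents it:
#   %ASA-6-106100: access-list <acl_ID> {permitted|denied|est-allowed} <protocol>
#     <in_if>/<src_ip>(<src_port>) -> <out_if>/<dst_ip>(<dst_port>)
#     hit-cnt <n> (first hit | <n>-second interval) <hash codes>
# "est-allowed" is the documented disposition for a packet the ACL would deny
# but that is let through because it belongs to an established connection.
MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<in_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<out_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

# Constructed sample lines (not real captures) modelled on the poster's setup:
# 192.168.1.1 on outside talks to a web server 192.168.2.1 on inside.
# ACL names, port 51000 and the hash values are made up for the example.
SAMPLE_LOG = [
    "%ASA-6-106100: access-list outside_in permitted tcp outside/192.168.1.1(51000) -> inside/192.168.2.1(80) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "%ASA-6-106100: access-list inside_in permitted tcp inside/192.168.2.1(80) -> outside/192.168.1.1(51000) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]",
    "%ASA-6-106100: access-list inside_in est-allowed tcp inside/192.168.2.1(80) -> outside/192.168.1.1(51000) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]",
    "%ASA-6-106100: access-list inside_in denied tcp inside/192.168.2.5(40000) -> outside/203.0.113.9(22) hit-cnt 1 first hit [0x9abc0def, 0x0]",
    "%ASA-6-302013: Built inbound TCP connection 12345 for outside:192.168.1.1/51000 (192.168.1.1/51000) to inside:192.168.2.1/80 (192.168.2.1/80)",
]


def parse_106100(line):
    """Return a dict of the 106100 fields, or None for any other message."""
    m = MSG_106100.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["hits"] = int(rec["hits"])
    return rec


def flow_key(rec):
    """5-tuple of a record in the direction it was logged."""
    return (rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])


def reverse_key(rec):
    """5-tuple of the same flow seen from the other side (return traffic)."""
    return (rec["proto"], rec["dst"], rec["dport"], rec["src"], rec["sport"])


def find_return_traffic(lines):
    """Pair each 106100 record with an EARLIER 'permitted' record on a
    different ACL whose 5-tuple is the reverse of its own. Such a record is
    the return half of a connection that another interface's ACL opened, and
    its action field shows how the second ACL reported that return traffic."""
    permitted = {}   # flow_key -> first permitted record seen for that flow
    pairs = []
    for rec in (parse_106100(l) for l in lines):
        if rec is None:
            continue
        fwd = permitted.get(reverse_key(rec))
        if fwd and fwd["acl"] != rec["acl"]:
            pairs.append({"forward_acl": fwd["acl"], "return_acl": rec["acl"],
                          "return_action": rec["action"], "hits": rec["hits"]})
        if rec["action"] == "permitted":
            permitted.setdefault(flow_key(rec), rec)
    return pairs


def count_dispositions(lines):
    """How many 106100 messages each ACL logged per disposition."""
    return Counter((r["acl"], r["action"])
                   for r in (parse_106100(l) for l in lines) if r)


if __name__ == "__main__":
    for p in find_return_traffic(SAMPLE_LOG):
        print(p)
    print(count_dispositions(SAMPLE_LOG))
```

Feed it a real `show logging` export filtered on 106100 and the count_dispositions output tells you, per ACL, whether the return packets you see are being reported as permitted by an explicit entry or as est-allowed; find_return_traffic lists which forward connections they belong to. Hit counters in 106100 only show up on the first packet of an interval when logging interval is in effect, which is why the sample includes a 300-second interval record alongside a first hit record.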