Hello everyone, I have found posts over the last 10 years with a specific error/bug(?). The src and dest IP addresses are swapped for the Cisco ASA event with ID 302013. If you look in the app, it even points out that these two fields are knowingly swapped. However, for the following TearDown event of the same connection, the IPs are not swapped. I am trying to figure out why this is the case. Since this postings about this topic has been around for 10 years now and the app says: "# direction is outbound - source and destination fields are swapped" ... it can't be an error. But I can't explain it. Can anyone comment on this? Example: <166>Dec 23 2024 10:36:04: %ASA-6-302013: Built outbound TCP connection 224811914 for dmz-sample-uidoc_172.27.252.0/27_604:172.27.252.1/8200 (172.27.252.1/8200) to fwr_sample_172.20.25.0/26:172.27.13.131/62388 (172.27.13.131/62388) Result: src=172.27.13.131 || dest = 172.27.252.1 <166>Dec 23 2024 10:36:04: %ASA-6-302014: Teardown TCP connection 224811914 for dmz-sample-uidoc_172.27.252.0/27_604:172.27.252.1/8200 to fwr_sample_172.20.25.0/26:172.27.13.131/62388 duration 0:00:00 bytes 0 TCP FINs from fwr_sample_172.20.25.0/26 Result: src=172.27.252.1 || dest = 172.27.13.131 Thanks and best regards Jan ... View more