
Untitled

a guest
Sep 19th, 2017
116: 11:31:20.695917 54.67.53.97.443 > 188.188.188.188.11585: FP 2560128298:2560128712(414) ack 2362777837 win 233 <nop,nop,timestamp 246272938 1558888826

packet-trac input outside tcp 52.216.128.211 https 188.188.188.188 11585

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 188.188.188.188 255.255.255.255 identity

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside

Phase: 4
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule


Now, I understand why packets to 188.188.188.188 11585 drop: there is no ACL pointing it to anything. But this appears to be returning traffic to a computer on the LAN, so why is it triggering a drop? This is what my NAT looks like:

object network INSIDE-HOSTS
subnet 10.10.14.0 255.255.254.0
nat (inside,outside) dynamic interface