Hello Willys,
Using the session info from the OP:
Session ID: 20285605, Policy name: VPN-ACF-CCT-to-Remote/101, State: Active, Timeout: 2, Valid
In: 10.1.138.32/3 --> 172.29.0.44/21;icmp, If: reth1.803, Pkts: 1, Bytes: 100
Out: 172.29.0.44/21 --> 10.1.138.32/3;icmp, If: st0.14, Pkts: 1, Bytes: 100
Say, there was PAT being done to IP address 192.1.1.1/32. Then the session would look like:
Session ID: 20285605, Policy name: VPN-ACF-CCT-to-Remote/101, State: Active, Timeout: 2, Valid
In: 10.1.138.32/3 --> 172.29.0.44/21;icmp, If: reth1.803, Pkts: 1, Bytes: 100
Out: 172.29.0.44/21 --> 192.1.1.1/3;icmp, If: st0.14, Pkts: 1, Bytes: 100
I would interpret the session entries like this:
* source of the traffic is from 10.1.138.32 -> 172.29.0.44 (this is how the packet is put on the wire... how the FW initially sees the packet).
* incoming interface of the original packet is the reth1.803 interface
* the firewall is expecting traffic in the reverse direction to come in on the st0.14 interface
* there is NAT involved since the return traffic's destination IP has reference to 192.1.1.1, instead of 10.1.138.32. This makes sense, as this is how the packet would be seen by the firewall.
Hope this helps,
Regards,
Sam
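
The wing comparison described in the reply above, as an added example that is not part of the original post or of any Juniper tooling: without NAT the Out wing is the exact mirror of the In wing, so any difference marks a translation. The function names `parse_sessions` and `nat_findings` are hypothetical, and the sample text is constructed from the two session entries quoted in the post.

```python
import re

# Constructed sample: the two session entries quoted in the post (no NAT, then PAT).
SAMPLE = """\
Session ID: 20285605, Policy name: VPN-ACF-CCT-to-Remote/101, State: Active, Timeout: 2, Valid
  In: 10.1.138.32/3 --> 172.29.0.44/21;icmp, If: reth1.803, Pkts: 1, Bytes: 100
  Out: 172.29.0.44/21 --> 10.1.138.32/3;icmp, If: st0.14, Pkts: 1, Bytes: 100
Session ID: 20285605, Policy name: VPN-ACF-CCT-to-Remote/101, State: Active, Timeout: 2, Valid
  In: 10.1.138.32/3 --> 172.29.0.44/21;icmp, If: reth1.803, Pkts: 1, Bytes: 100
  Out: 172.29.0.44/21 --> 192.1.1.1/3;icmp, If: st0.14, Pkts: 1, Bytes: 100
"""

SESSION = re.compile(r"^\s*Session ID: (\d+), Policy name: ([^,]+)")
# Wing line: "<dir>: <src>/<port> --> <dst>/<port>;<proto>, If: <interface>, ..."
WING = re.compile(r"^\s*(In|Out): (\S+?)/(\d+) --> (\S+?)/(\d+);([\w-]+), If: ([^,\s]+)")

def parse_sessions(text):
    """Return one dict per session entry, with its 'In' and 'Out' wings."""
    sessions = []
    for line in text.splitlines():
        m = SESSION.match(line)
        if m:
            sessions.append({"id": m[1], "policy": m[2]})
            continue
        m = WING.match(line)
        if m and sessions:
            direction, sip, sport, dip, dport, proto, ifname = m.groups()
            sessions[-1][direction] = {"src": (sip, int(sport)),
                                       "dst": (dip, int(dport)),
                                       "proto": proto, "if": ifname}
    return sessions

def nat_findings(session):
    """Map NAT type -> (original, translated) wherever Out is not the mirror of In."""
    findings = {}
    w_in, w_out = session.get("In"), session.get("Out")
    if not w_in or not w_out:
        return findings  # incomplete entry, nothing to compare
    if w_out["dst"] != w_in["src"]:   # reply is addressed to a translated source
        findings["source_nat"] = (w_in["src"], w_out["dst"])
    if w_out["src"] != w_in["dst"]:   # reply comes from a translated destination
        findings["destination_nat"] = (w_in["dst"], w_out["src"])
    return findings

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(s["id"], s["In"]["if"], "->", s["Out"]["if"], nat_findings(s) or "no NAT")
```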