From OpenNMS
Cisco ASA
When performing data collection on a Cisco ASA firewall using IF-MIB (i.e. MIB-2 interface counters), note that the "discarded packets" counters (ifInDiscards/ifOutDiscards) behave differently for subinterfaces vs. physical interfaces, as follows:
- If you are using a subinterface as a routed interface, ifInDiscards/ifOutDiscards will increment for each packet that is dropped due to policy. This means that you are very likely to see discards on subinterfaces; this doesn't necessarily indicate a problem.
- If you are using a physical interface as a routed interface, ifInDiscards/ifOutDiscards will not increment for each packet that is dropped due to policy. Discards on physical interfaces may be the result of buffer overflows or other packet handling decisions made by the ASA software.
This behavior has been confirmed on ASA software 7.2, and may hold true for other software versions as well.
Note that this behavior is technically valid, as the discards counter is defined as:
"The number of packets which were chosen to be discarded - even though no errors had been detected - to prevent their being deliverable to a higher-layer protocol."
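One way to apply this distinction when evaluating polled discard counters, as an added example (not OpenNMS code). It assumes subinterfaces can be recognized by a Cisco-style ".<number>" suffix on the polled interface name; the interface names, sample values, and 1 packet/s threshold are constructed for illustration.

```python
import re

COUNTER32_MOD = 2 ** 32  # ifInDiscards/ifOutDiscards are Counter32 objects in IF-MIB
# Assumption: subinterface names end in ".<number>", e.g. GigabitEthernet0/1.100
SUBIF_RE = re.compile(r"\.\d+$")

def counter_delta(prev, curr):
    """Difference between two Counter32 samples, allowing for a single wrap."""
    return (curr - prev) % COUNTER32_MOD

def assess_discards(prev, curr, threshold_pps=1.0):
    """Compare two polls; return {ifname: (discards_per_second, verdict)}."""
    elapsed = curr["time"] - prev["time"]
    if elapsed <= 0:
        raise ValueError("polls must be in chronological order")
    if curr["uptime"] < prev["uptime"]:
        # Device restarted between polls: counters restarted, deltas are meaningless.
        return {name: (None, "skipped: counter reset") for name in curr["discards"]}
    results = {}
    for name, (cur_in, cur_out) in curr["discards"].items():
        if name not in prev["discards"]:
            continue  # interface appeared between polls, no baseline yet
        prev_in, prev_out = prev["discards"][name]
        rate = (counter_delta(prev_in, cur_in) + counter_delta(prev_out, cur_out)) / elapsed
        if SUBIF_RE.search(name):
            # Subinterface: policy drops are counted here, so discards are expected.
            verdict = "informational: subinterface counts policy drops"
        elif rate > threshold_pps:
            # Physical interface: policy drops are not counted, so look at buffers.
            verdict = "investigate: discards on physical interface"
        else:
            verdict = "ok"
        results[name] = (rate, verdict)
    return results

# Constructed sample polls, 300 seconds apart: (ifInDiscards, ifOutDiscards) per interface.
PREV = {"time": 0, "uptime": 1000, "discards": {
    "GigabitEthernet0/0": (4294967290, 0),   # about to wrap
    "GigabitEthernet0/1.100": (500, 20),
    "GigabitEthernet0/2": (10, 10)}}
CURR = {"time": 300, "uptime": 1300, "discards": {
    "GigabitEthernet0/0": (594, 0),
    "GigabitEthernet0/1.100": (90500, 20),
    "GigabitEthernet0/2": (10, 13)}}

if __name__ == "__main__":
    for ifname, (rate, verdict) in assess_discards(PREV, CURR).items():
        print(f"{ifname}: {rate} discards/s -> {verdict}")
```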






