Extended IP access list veneer-75
10 permit tcp host 192.168.210.70 10.2.75.0 0.0.0.255 eq 443
20 permit tcp host 192.168.244.20 10.2.75.0 0.0.0.255 eq 3389
30 permit tcp host 192.168.244.25 10.2.75.0 0.0.0.255 eq 3389
40 permit tcp host 192.168.244.30 10.2.75.0 0.0.0.255 eq 3389
50 permit tcp host 192.168.244.20 10.2.75.0 0.0.0.255 eq 445
60 permit tcp host 192.168.244.25 10.2.75.0 0.0.0.255 eq 445
70 permit tcp host 192.168.244.30 10.2.75.0 0.0.0.255 eq 445
80 permit tcp host 192.168.244.20 10.2.75.0 0.0.0.255 eq msrpc
90 permit tcp host 192.168.244.25 10.2.75.0 0.0.0.255 eq msrpc
100 permit tcp host 192.168.244.30 10.2.75.0 0.0.0.255 eq msrpc
110 permit tcp host 192.168.210.40 10.2.75.0 0.0.0.255 eq 41002
120 permit udp host 192.168.210.11 10.2.75.0 0.0.0.255 eq domain
130 permit udp host 192.168.210.16 10.2.75.0 0.0.0.255 eq domain
140 permit udp host 192.168.210.21 10.2.75.0 0.0.0.255 eq domain
150 permit udp host 192.168.210.22 10.2.75.0 0.0.0.255 eq domain
160 deny ip any any log (1563 matches)

160 deny ip any any log (1563 matches)

Only this have hit count.

So 

Can I see config of vlan interface.

interface Vlan75
ip address 10.2.75.1 255.255.255.0
ip helper-address 192.168.210.21
ip helper-address 192.168.210.22
no ip redirects
ip access-group veneer-75 out
end

I am just full of ACL questions today, but I am hoping you got time for one more. 

After implementing the ACL that we discussed here in this thread I began to get a lot of denies for inbound traffic from the internet. 

Figured this was all return traffic that was getting blocked. I first applied the ACL 

ip access-list extended veneer-75-in
remark this is to allow all established TCP connections
permit tcp any any established
permit udp any any
deny ip any any log

This was inbound. 

I was still getting a bunch of denies

Jul 11 13:14:28 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56557) -> 40.97.205.2(443), 1 packet
Jul 11 13:14:29 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56541) -> 52.96.113.178(443), 1 packet
Jul 11 13:14:31 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56561) -> 3.223.18.180(443), 1 packet
Jul 11 13:14:32 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56563) -> 54.224.98.140(443), 1 packet
Jul 11 13:14:34 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56567) -> 3.217.227.12(443), 1 packet
Jul 11 13:14:35 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56572) -> 52.96.113.194(443), 1 packet
Jul 11 13:14:37 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56547) -> 52.96.113.178(443), 1 packet
Jul 11 13:14:38 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56575) -> 20.190.151.132(443), 1 packet
Jul 11 13:14:41 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56577) -> 3.224.142.88(443), 1 packet
Jul 11 13:14:42 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56579) -> 18.213.48.233(443), 1 packet
Jul 11 13:14:43 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56582) -> 3.211.34.234(443), 1 packet
Jul 11 13:14:45 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56559) -> 52.96.113.178(443), 1 packet
Jul 11 13:14:47 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56562) -> 52.96.113.210(443), 1 packet
Jul 11 13:14:49 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56591) -> 34.197.58.77(54443), 1 packet
Jul 11 13:14:51 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56592) -> 52.96.113.194(443), 1 packet
Jul 11 13:14:52 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56594) -> 54.224.98.140(54443), 1 packet
Jul 11 13:14:54 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56601) -> 3.217.227.12(54443), 1 packet
Jul 11 13:14:56 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56606) -> 52.96.119.98(443), 1 packet
Jul 11 13:14:58 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56583) -> 52.96.113.194(443), 1 packet
Jul 11 13:14:59 PDT: %SEC-6-IPACCESSLOGP: list veneer-75-in denied tcp 10.2.75.125(56610) -> 20.190.151.6(443), 1 packet

I then decied to add in permit tcp any any for anything that wasn't already established but then I started to get these denies on the outbound ACL

Jul 11 13:16:28 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 34.225.96.213(443) -> 10.2.75.125(56680), 1 packet
Jul 11 13:16:29 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 52.0.42.182(443) -> 10.2.75.125(56685), 1 packet
Jul 11 13:16:30 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 52.96.113.130(443) -> 10.2.75.125(56687), 1 packet
Jul 11 13:16:32 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 34.227.6.160(443) -> 10.2.75.125(56690), 1 packet
Jul 11 13:16:33 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 20.190.151.69(443) -> 10.2.75.125(56700), 1 packet
Jul 11 13:16:34 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 174.129.10.62(54443) -> 10.2.75.125(56695), 1 packet
Jul 11 13:16:35 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 34.202.153.67(443) -> 10.2.75.125(56688), 1 packet
Jul 11 13:16:36 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 52.96.113.130(443) -> 10.2.75.125(56709), 1 packet
Jul 11 13:16:38 PDT: %SEC-6-IPACCESSLOGP: list veneer-75 denied tcp 52.0.42.182(443) -> 10.2.75.125(56685), 1 packet

dont worry I will share lab explain TCP with SVI VLAN ACL with establish.
wait me two-three hours 
thanks 
MHM

perfect thank you

Thank you again for your help I was able to fix the next issue. The problem was that the ACL was blocking return internet traffic. I added the following line to the ACL

permit tcp any any established

That fixed the return traffic getting blocked.