Solved: ASA NETFLOW not capture packets from and to the itself interfaces

allexxf · ‎01-22-2018

Hi. We have ASA5508 Software Version 9.7(1)8.

Netflow config:

flow-export destination inside 172.16.1.173
flow-export template timeout-rate 1

access-list global_mpc_netflow extended permit ip any any

class-map global_class_netflow
match access-list global_mpc_netflow

policy-map global_policy
class firepower_class_map
sfr fail-open
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
class global_class_netflow
flow-export event-type all destination 172.16.1.173

service-policy global_policy global

Local clients (172.16.1.0/24) work through NAТ. There is a problem - only outgoing packets generated by local clients are displayed by netflow (src 172.16.1.0/24). Incoming packets to local clients (src any internet address or ip wan cisco) from internet and any packages itself cisco not displayed. This is checked by packet capture and analyze by wireshark on 172.16.1.173.

allexxf · ‎01-22-2018

The question is closed. The problem is related to the specifics of the work netflow on asa, in particular bidirectional flows.

View solution in original post

allexxf · ‎01-22-2018

The question is closed. The problem is related to the specifics of the work netflow on asa, in particular bidirectional flows.