Cisco ASA ASP-DROP

Mokhalil82
Level 4

Hi

I am trying to set up a capture using type asp-drop to capture dropped traffic between an internal network and an external network, and I need to monitor the drops for 24 hours. I am using the commands

capture cap1 type asp-drop all match ip <source subnet> <source mask> <destination subnet> <destination mask>

The capture just matches everything, so it does not filter down to the match statement.

What could I be doing wrong?

Thanks
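For reference, here is the documented form of an ASP-drop capture filtered to a source/destination subnet pair, together with the checks a practitioner would run before trusting a 24-hour capture as "proof of no drops". This is an added example, not the poster's configuration or Cisco's own text: the capture names (DROPS-EXT1, DROPS-EXT2), the 10.0.0.0/8 internal aggregate, the 203.0.113.0/24 and 198.51.100.0/24 external subnets, the 10.1.1.5 test host and the TFTP server 192.0.2.50 are all placeholders.

```text
! Added example, not the original poster's config. All addresses are placeholders.
! One capture per external subnet; the match clause is part of the capture command.
! buffer 33554432 is the maximum capture buffer (32 MB); circular-buffer keeps the
! newest packets once it fills, which is what you want for a 24-hour run.
capture DROPS-EXT1 type asp-drop all buffer 33554432 circular-buffer match ip 10.0.0.0 255.0.0.0 203.0.113.0 255.255.255.0
capture DROPS-EXT2 type asp-drop all buffer 33554432 circular-buffer match ip 10.0.0.0 255.0.0.0 198.51.100.0 255.255.255.0

! Check 1: confirm the match clause was attached to each capture.
show capture

! Check 2: every packet shown should be between the two matched subnets and carries
! a Drop-reason. If addresses outside the match appear, the filter is not applied.
show capture DROPS-EXT1 detail
show capture DROPS-EXT1 | include 203.0.113.

! Check 3: independent evidence. Reset the per-reason ASP drop counters at the start
! of the window and read them back at the end; a capture that shows nothing while
! the counters climb means the capture filter is wrong, not that nothing was dropped.
clear asp drop
show asp drop

! Check 4: simulate one flow from a reporting user to the service and see where the
! ASA would drop it (ACL, NAT, route or inspection), without waiting for the event.
packet-tracer input inside tcp 10.1.1.5 50000 203.0.113.10 443 detailed

! Check 5: the syslog side of the same question (ACL denies are 106023).
show logging | include 106023

! At the end of the window, export the buffers for offline analysis, then remove.
copy /pcap capture:DROPS-EXT1 tftp://192.0.2.50/drops-ext1.pcap
copy /pcap capture:DROPS-EXT2 tftp://192.0.2.50/drops-ext2.pcap
no capture DROPS-EXT1
no capture DROPS-EXT2
```

The point of checks 2 and 3 is that an empty capture only proves "no drops" if you have first shown that the filter admits the traffic you care about; running `show asp drop` alongside it gives a second measurement that does not depend on the match clause at all.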

8 Replies

Aditya Ganjoo
Cisco Employee

Hi,

It should only show you drops relating to the matched subnets.

So what do you see besides the defined subnets?

Regards,

Aditya

Please rate helpful posts.

Hi

It filters the asp-drop type, for example if I configure "capture cap1 type asp-drop acl-drop", but it displays results for all IP ranges (everything) being dropped for reason acl-drop, not just for the source and destination subnets that I have defined in the match statement.

Thanks

Hi,

Not sure, but when I do it on my ASA I am able to filter on the basis of subnet.

May I know what the requirement is?

Regards,

Aditya

Please rate helpful posts.

We access an external service which is based on 2 subnets, and some users have reported random freezes when using this external service. I just want to run an asp-drop capture from all internal subnets to the 2 external subnets and see if the firewalls are dropping anything.

I know the issue can be anywhere, but just to ensure it is not the firewalls and to have some proof to say: I've got a capture running and it reports no drops, so the issue is elsewhere.

Thanks

Hi,

Then the idea of having ASP drop captures filtered on the subnets makes sense.

You would also be interested in the syslogs of the ASA at the time of the issue.

Also, can you try filtering on the basis of host IPs and see if you still see the same behaviour?

Also, what ASA version are you running ?

Regards,

Aditya

Please rate helpful posts.

Thanks Aditya

I am running ASA version 9.1(6)6

Hi,

Yes, it would be a good idea to check with TAC, but before that you can try filtering the captures on the basis of host IPs and test.

Regards,

Aditya

Please rate helpful posts.

I may check with TAC, as the configuration for the captures is not complex but is still not giving the desired results.
