We are trying to send NetFlow from our internet router (64.xx.xx.1) to an inside NetFlow collector (10.10.xx.81).
The following are the flow export config and static IP route on the internet router:
ip flow-export source GigabitEthernet0/1
ip flow-export version 9 peer-as
ip flow-export destination 10.10.xx.81 2055
ip route 10.10.xx.81 255.255.255.255 64.xx.xx.2
(64.xx.xx.2 is the outside interface of the ASA5520.)
The following is the ACL on the ASA5520, which I see hits on:
access-list OUTSIDE extended permit udp host 64.xx.xx.1 host 10.10.xx.81 eq 2055
I now see the following log messages on the ASA5520:
5 Oct 22 2010 08:44:50 10.10.xx.81 2055 Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:64.xx.xx.1/50847 dst inside:10.10.xx.81/2055 denied due to NAT reverse path failure
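
Added example, not part of the original post: a small Python parser for the "NAT reverse path failure" line quoted above that groups denies by flow, so it is clear which source/destination pair needs consistent NAT handling in both directions. The names `parse_deny`, `summarize` and `SAMPLE_LOG` are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Addresses are matched as opaque tokens so masked values such as
# 10.10.xx.81 parse. Only the address/port form of the message is handled.
DENY_RE = re.compile(
    r"Connection for (?P<proto>\w+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"denied due to NAT reverse path failure"
)

def parse_deny(line):
    """Return the flow fields of one deny line, or None for any other line."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    flow = m.groupdict()
    flow["src_port"] = int(flow["src_port"])
    flow["dst_port"] = int(flow["dst_port"])
    return flow

def summarize(lines):
    """Count denies per flow, ignoring the ephemeral source port."""
    counts = Counter()
    for line in lines:
        f = parse_deny(line)
        if f is not None:
            key = (f["proto"], f["src_if"], f["src_ip"],
                   f["dst_if"], f["dst_ip"], f["dst_port"])
            counts[key] += 1
    return counts

PREFIX = "Asymmetric NAT rules matched for forward and reverse flows; "
SAMPLE_LOG = [
    # Line quoted in the post.
    "5 Oct 22 2010 08:44:50 10.10.xx.81 2055 " + PREFIX + "Connection for udp src outside:64.xx.xx.1/50847 dst inside:10.10.xx.81/2055 denied due to NAT reverse path failure",
    # Constructed: same flow, different ephemeral source port.
    "5 Oct 22 2010 08:44:51 10.10.xx.81 2055 " + PREFIX + "Connection for udp src outside:64.xx.xx.1/50848 dst inside:10.10.xx.81/2055 denied due to NAT reverse path failure",
    # Constructed: a different flow, using documentation addresses.
    "5 Oct 22 2010 08:44:52 192.0.2.10 514 " + PREFIX + "Connection for udp src outside:198.51.100.7/40000 dst inside:192.0.2.10/514 denied due to NAT reverse path failure",
    # Constructed: unrelated text that the parser must skip.
    "6 Oct 22 2010 08:44:53 192.0.2.10 514 constructed unrelated message",
]

if __name__ == "__main__":
    for flow, n in summarize(SAMPLE_LOG).most_common():
        print(n, flow)
```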