
Cisco ASA ACL fails for Mixed Policies

By September 21, 2016 | September 11th, 2020 | Best Practices, Blog, Cisco

I run into the issue every once in a while when I try to set up a new access-list:

Test(config)#access-list CAP permit ip any any

Test(config)#capture CAP interface outside access-list CAP

ERROR: Capture doesn’t support access-list <CAP> containing mixed policies

The issue here is the keyword any, which covers both IPv4 and IPv6 (any4 and any6). The error is telling you that you need to specify which protocol you are using. Typically we are using IPv4, so if we enter the ACL like this:

Test(config)#access-list CAP permit ip any4 any4

Test(config)#capture CAP interface outside access-list CAP

You do not get the error, and the ACL is accepted.
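
One way to catch this before typing the capture command, as an added example that is not part of the original post: a Python check over saved configuration text that lists each capture whose access-list still contains the bare any keyword, and shows the IPv4-only form. The sample configuration, the function names and every ACL name other than CAP are constructed for illustration.

```python
import re

# Constructed sample configuration text; only the CAP lines mirror the post.
SAMPLE_CONFIG = """\
access-list CAP permit ip any any
access-list CAP4 extended permit ip any4 any4
access-list WEB line 1 remark allow any web client
access-list WEB extended permit tcp any4 host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit icmp any any
capture CAP interface outside access-list CAP
capture CAP4 interface outside access-list CAP4
capture WEBCAP interface outside access-list WEB
"""

ACE_RE = re.compile(r"^\s*access-list\s+(\S+)\s+(.*)$")
CAPTURE_RE = re.compile(r"^\s*capture\s+(\S+)\s.*\baccess-list\s+(\S+)")

def bare_any_aces(config):
    """Map ACL name -> entries that use 'any' (IPv4 and IPv6 together)."""
    hits = {}
    for line in config.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue
        name, tokens = m.group(1), m.group(2).split()
        if tokens[:1] == ["line"]:      # optional "line <n>" position prefix
            tokens = tokens[2:]
        if tokens[:1] == ["remark"]:    # free text, may contain the word "any"
            continue
        if "any" in tokens:
            hits.setdefault(name, []).append(line.strip())
    return hits

def captures_at_risk(config):
    """Map capture name -> offending entries of the access-list it references."""
    hits = bare_any_aces(config)
    risky = {}
    for line in config.splitlines():
        m = CAPTURE_RE.match(line)
        if m and m.group(2) in hits:
            risky[m.group(1)] = hits[m.group(2)]
    return risky

def to_ipv4_only(ace):
    """Rewrite bare 'any' to 'any4', for traffic that is IPv4 only."""
    return re.sub(r"(?<![\w-])any(?![\w-])", "any4", ace)

if __name__ == "__main__":
    for cap, aces in captures_at_risk(SAMPLE_CONFIG).items():
        for ace in aces:
            print(f"capture {cap}: {ace}\n  IPv4-only form: {to_ipv4_only(ace)}")
```

An ACL such as OUTSIDE_IN that uses any but is not referenced by a capture is reported by bare_any_aces only, since the error in this post is raised by the capture command.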

Jason Howe, PEI
