Monday, 19 December 2016

Cisco ASA - ERROR: Capture doesn't support access-list containing mixed policies

ISSUE

When trying to run a capture, you receive the following error:
asa-skyn3t(config)# access-list cap-acl permit ip any any
asa-skyn3t(config)# capture inside interface inside access-list cap-acl
ERROR: Capture doesn't support access-list <cap> containing mixed policies

SOLUTION

In ASA 9.0 the 'any' keyword now represents all IPv4 and IPv6 traffic, and the new keywords 'any4' and 'any6' have been introduced to represent IPv4 or IPv6 traffic respectively. An ACL that uses 'any' therefore matches both address families, which the capture command rejects as "mixed policies".
To resolve the issue shown above, use the 'any4' or 'any6' keywords within your ACL:
asa-skyn3t(config)# access-list cap-acl permit ip any4 any4
asa-skyn3t(config)# capture inside interface inside access-list cap-acl
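
The check below is an added example, not part of the original post: it scans a block of ASA commands (for instance a change script you are about to paste) for ACLs referenced by a capture that still use the bare 'any' keyword, and prints the IPv4 rewrite. The function names, the sample ACL cap-v4 and its address are constructed for illustration, and the script assumes, as this post describes, that any bare 'any' in a capture ACL triggers the error; substitute any6 by hand if you are capturing IPv6.

```python
import re

# Constructed sample: the commands from this post plus an already-correct ACL.
SAMPLE = """\
access-list cap-acl permit ip any any
access-list cap-v4 extended permit ip any4 host 192.0.2.10
capture inside interface inside access-list cap-acl
capture dmz interface dmz access-list cap-v4
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+")
CAP_RE = re.compile(r"^capture\s+(\S+)\b.*?\baccess-list\s+(\S+)")


def strip_prompt(line):
    """Drop a leading 'hostname(config)# ' prompt copied from a CLI session."""
    return re.sub(r"^\S+\(config[^)]*\)#\s*", "", line.strip())


def find_mixed_capture_acls(text):
    """Return (capture, acl, original_ace, any4_ace) for capture ACLs using bare 'any'."""
    acls, captures = {}, []
    for raw in text.splitlines():
        line = strip_prompt(raw)
        cap = CAP_RE.match(line)
        if cap:
            captures.append((cap.group(1), cap.group(2)))
            continue
        acl = ACL_RE.match(line)
        if acl:
            acls.setdefault(acl.group(1), []).append(line)
    findings = []
    for cap_name, acl_name in captures:
        for ace in acls.get(acl_name, []):
            head, body = ace.split()[:2], ace.split()[2:]  # skip keyword and ACL name
            if "any" in body:  # exact token match, so any4/any6 are not flagged
                fixed = " ".join(head + ["any4" if t == "any" else t for t in body])
                findings.append((cap_name, acl_name, ace, fixed))
    return findings


if __name__ == "__main__":
    for cap, acl, ace, fixed in find_mixed_capture_acls(SAMPLE):
        print(f"capture {cap}: ACL {acl} uses bare 'any'")
        print(f"  found: {ace}")
        print(f"  IPv4:  {fixed}")
```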