Cisco ASA ERROR: Capture doesn’t support access-list containing mixed policies

Issue

When trying to run a capture, you receive the following error:

asa-skyn3t(config)# access-list cap-acl permit ip any any
asa-skyn3t(config)# capture inside interface inside access-list cap-acl
ERROR: Capture doesn't support access-list <cap> containing mixed policies

Solution

In ASA 9.0 the ‘any’ keyword now represents all IPv4 and IPv6 traffic, and the new keywords ‘any4’ and ‘any6’ have been introduced to represent either IPv4 or IPv6 traffic. An ACL entry written with ‘any’ therefore covers both address families, which is the "mixed policies" condition that capture rejects.

To resolve the error shown above, use the ‘any4’ or ‘any6’ keywords within your ACL:

asa-skyn3t(config)# access-list cap-acl permit ip any4 any4
asa-skyn3t(config)# capture inside interface inside access-list cap-acl
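
Added example (not part of the original post): a small Python check that reads an ASA configuration, finds ACLs referenced by capture commands that still use the bare 'any' keyword, and suggests the any4 (or any6) form. The sample configuration, the ACL names other than cap-acl, and the function name are constructed for illustration.

```python
# Constructed sample configuration for illustration (not from a real device).
SAMPLE_CONFIG = """\
access-list cap-acl permit ip any any
access-list web-acl permit tcp any4 host 192.0.2.10 eq 443
access-list outside-in permit tcp any host 192.0.2.10 eq 443
capture inside interface inside access-list cap-acl
capture web interface outside access-list web-acl
"""


def find_mixed_capture_acls(config, family="any4"):
    """Find capture ACLs whose entries use the bare 'any' keyword.

    Returns {acl_name: [(original_line, suggested_line), ...]}, where the
    suggestion replaces each 'any' with `family` ('any4' or 'any6').
    """
    if family not in ("any4", "any6"):
        raise ValueError("family must be 'any4' or 'any6'")
    lines = [line.split() for line in config.splitlines()]

    # Pass 1: collect ACL names referenced by 'capture ... access-list <name>'.
    capture_acls = set()
    for tok in lines:
        if tok[:1] == ["capture"] and "access-list" in tok[:-1]:
            capture_acls.add(tok[tok.index("access-list") + 1])

    # Pass 2: flag entries of those ACLs that contain a bare 'any' token.
    # ACLs not used by a capture (outside-in here) are left alone.
    findings = {}
    for tok in lines:
        if tok[:1] == ["access-list"] and len(tok) > 2 and tok[1] in capture_acls:
            if "any" in tok[2:]:
                fixed = tok[:2] + [family if t == "any" else t for t in tok[2:]]
                findings.setdefault(tok[1], []).append(
                    (" ".join(tok), " ".join(fixed)))
    return findings


if __name__ == "__main__":
    for name, entries in find_mixed_capture_acls(SAMPLE_CONFIG).items():
        for original, suggested in entries:
            print(f"{name}: mixed-policy entry: {original}")
            print(f"  use instead: {suggested}")
```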

 

Rick Donato
