07-02-2013 03:30 PM
Hi all
im trying to apply access list to crypto map . and when i apply it its giving me the error
ERROR: access-list has icmp type selector
any idea please . thanks all
Solved! Go to Solution.
07-03-2013 04:53 AM
The crypto-acl should be of permit IP type. You shouldn't specify protocols, like ICMP, tcp, etc.
So your proxy-acl should looks smth like this:
access-list PROXY_ACL permit IP x.x.x.x 255.255.255.9 y.y.y.y 255.255.255.0
but not this:
access-list PROXY_ACL permit icmp host x.x.x.x host y.y.y.y eq echo
07-02-2013 11:02 PM
Please elaborate the question. What device (router or ASA) are you talking about and what version? could you show us the exact commands you applied when you got the error ?
07-03-2013 04:53 AM
The crypto-acl should be of permit IP type. You shouldn't specify protocols, like ICMP, tcp, etc.
So your proxy-acl should looks smth like this:
access-list PROXY_ACL permit IP x.x.x.x 255.255.255.9 y.y.y.y 255.255.255.0
but not this:
access-list PROXY_ACL permit icmp host x.x.x.x host y.y.y.y eq echo
07-11-2013 07:00 AM
thanks Andrew . this is great help . still have problem the phase 2 tunnel is dropping on some networks . i will start new discussion for it . thanks agine
07-03-2013 09:38 AM
Andrew is correct
Sent from Cisco Technical Support iPhone App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: