07-02-2013 03:30 PM
Hi all
im trying to apply access list to crypto map . and when i apply it its giving me the error
ERROR: access-list has icmp type selector
any idea please . thanks all
Solved! Go to Solution.
07-03-2013 04:53 AM
The crypto-acl should be of permit IP type. You shouldn't specify protocols, like ICMP, tcp, etc.
So your proxy-acl should looks smth like this:
access-list PROXY_ACL permit IP x.x.x.x 255.255.255.9 y.y.y.y 255.255.255.0
but not this:
access-list PROXY_ACL permit icmp host x.x.x.x host y.y.y.y eq echo
07-02-2013 11:02 PM
Please elaborate the question. What device (router or ASA) are you talking about and what version? could you show us the exact commands you applied when you got the error ?
07-03-2013 04:53 AM
The crypto-acl should be of permit IP type. You shouldn't specify protocols, like ICMP, tcp, etc.
So your proxy-acl should looks smth like this:
access-list PROXY_ACL permit IP x.x.x.x 255.255.255.9 y.y.y.y 255.255.255.0
but not this:
access-list PROXY_ACL permit icmp host x.x.x.x host y.y.y.y eq echo
07-11-2013 07:00 AM
thanks Andrew . this is great help . still have problem the phase 2 tunnel is dropping on some networks . i will start new discussion for it . thanks agine
07-03-2013 09:38 AM
Andrew is correct
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide