Solved: ERROR: access-list has icmp type selector

Ahmed Al jawad · ‎07-02-2013

Hi all

im trying to apply access list to crypto map . and when i apply it its giving me the error

ERROR: access-list has icmp type selector

any idea please . thanks all

Andrew Phirsov · ‎07-03-2013

The crypto-acl should be of permit IP type. You shouldn't specify protocols, like ICMP, tcp, etc.

So your proxy-acl should looks smth like this:

access-list PROXY_ACL permit IP x.x.x.x 255.255.255.9 y.y.y.y 255.255.255.0

but not this:

access-list PROXY_ACL permit icmp host x.x.x.x host y.y.y.y eq echo

View solution in original post

Eduardo Aliaga · ‎07-02-2013

Please elaborate the question. What device (router or ASA) are you talking about and what version? could you show us the exact commands you applied when you got the error ?

Andrew Phirsov · ‎07-03-2013

The crypto-acl should be of permit IP type. You shouldn't specify protocols, like ICMP, tcp, etc.

So your proxy-acl should looks smth like this:

access-list PROXY_ACL permit IP x.x.x.x 255.255.255.9 y.y.y.y 255.255.255.0

but not this:

access-list PROXY_ACL permit icmp host x.x.x.x host y.y.y.y eq echo

Ahmed Al jawad · ‎07-11-2013

thanks Andrew . this is great help . still have problem the phase 2 tunnel is dropping on some networks . i will start new discussion for it . thanks agine

Shaoqin Li · ‎07-03-2013

Andrew is correct

Sent from Cisco Technical Support iPhone App