You can only tell a capture port what vlans to monitor. The capture port will monitor all captured packets from those vlans regardless of what VACL was used to mark those packets as capture packets.
Your data-port 1 is already monitoring all 4094 vlans so there are no additional vlans that data-port 2 would need to capture packets for.
If your switch does routing then your configuration is correct. Even though the VACL is applied to a limited set of a vlan-list X, the packets marked for capture could wind up being routed to any vlan and so all vlans have to be monitored.
NOW you could add additional vlans to your exising vlan-list, or even create another VACL and apply it to a separate vlan list. BUT in either case your data-port 1 would already be configured for monitoring them.
If your switch is NOT doing routing (pretty rare these days), then you do have an alternative. You can change the "capture allowed-vlan" list for data-port 1 to be the same "vlan-list X" that your VACL is assigned to. Then you can create a new VACL and assign it to a list Y, and configure data-port 2 to be a capture port for allowed-vlan list Y.
But this really doesn't gain you a whole lot. You could just simply add vlan list Y to data-port 1 and still monitor everything with data-port 1.
Data-port 2 doesn't really gain you much as you as a 2nd capture port.
Where data-port 2 comes in handy is when you want to do a different type of monitoring.
Data-port 2 could be setup as a Span or Rspan destination port.
OR data-port 2 coudl be setup for InLine monitoring with InLine Vlan Pairs.
It is only when you need the second type of monitoring that you can really make use of data-port 2.
For capturing traffic on additional vlans you can just continue to use data-port 1.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...