For which two reasons does this error message occur?

Refer to the exhibit.

A network engineer applies the configuration shown to set up a capture on a Cisco Adaptive Security Appliance. When attempting to start a capture, this error message is observed:
ERROR: Capture doesn’t support access-list <20> containing mixed policies
For which two reasons does this error message occur? (Choose two.)
A. The ACL number is incorrect.
B. Access list type is incorrect.
C. IPv6 is enabled on the Cisco ASA.
D. A named ACL is required.
E. IPv6 is not specified on the access list with “any” keyword.

9 thoughts on “Which two reasons does this error message occur?”

  1. The Answer is B and D.

    ACL type is wrong, should be extended.

    Extended ACLs compare the source and destination addresses of the IP packets to the addresses configured in the ACL in order to control traffic. You can also make extended ACLs more granular and configured to filter traffic by criteria such as:

    Protocol
    Port numbers
    Differentiated services code point (DSCP) value
    Precedence value
    State of the synchronize sequence number (SYN) bit

      1. For E,

        The issue is if you are using “any” in your access-list then you have to be specific whether it is IPv4 or IPv6. i.e. make sure you use the prefix “any4” or “any6”.

  2. D is wrong, as if the above ACL was correct the capture should take it.
    Out of all of these E is the most applicable, but it's still vague; with that above ACL and capture applied you would get the FW to complain about the “any” keyword being used instead of specific any4 or any6 for each ACE.

  3. This question / answers are all whacked.

    A: is wrong because all ACLs on an ASA are named. This is not a valid ACL because of the syntax.

    B: The type of ACL isn’t even mentioned. Still not a valid ACL because of the syntax.

    C: Has nothing to do with it.

    D: Types of ACL are: extended, standard, ether-type, web-acl. So Yes, if this could be a right answer. It’s forced mind you.

    E: This has to be a typo. It should read: IPv4 is not specified on the access list with the “any4” keyword. So both IPv4 and IPv6 are included in the any.

  4. The correct answer to this is CE. A is basically out of context as you don't know what “numbers” are in use. B is wrong, the access list has the correct type. D – it is a named ACL – the name is 20. Also the ACL has incorrect syntax – there is no such thing as host: , but incorrect syntax is not an answer option.

  5. You need to specify IPv4 or IPv6 in the ACL and, with that, its related IPv4/IPv6 address. In the example it's using the ANY keyword, which is IPv4/6, but just using an IPv4 address; as such the FW will complain about it.
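
The any4/any6 point raised in the comments, as an added example that is not part of the original post or any commenter's reply: a small Python check that scans ASA configuration text for ACLs referenced by a `capture` command whose entries still use the bare `any` keyword. The configuration text, ACL names, capture names and addresses are constructed for illustration; the exhibit from the question is not reproduced here.

```python
import re

# Constructed sample config (hypothetical names and RFC 5737 addresses).
SAMPLE_CONFIG = """\
access-list CAP_MIXED extended permit ip any host 192.0.2.10
access-list CAP_MIXED extended permit ip host 192.0.2.10 any
access-list CAP_V4 remark capture filter, any4 only
access-list CAP_V4 extended permit ip any4 host 192.0.2.10
access-list CAP_V4 extended permit ip host 192.0.2.10 any4
access-list OUTSIDE_IN extended permit tcp any any eq 443
capture capin interface inside access-list CAP_MIXED
capture capok interface inside access-list CAP_V4
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
CAPTURE_RE = re.compile(r"^capture\s+(\S+)\s+.*?\baccess-list\s+(\S+)")


def find_mixed_capture_acls(config):
    """Return (capture, acl, ace) for each ACE of a capture ACL using bare 'any'."""
    aces = {}       # ACL name -> list of ACE lines
    captures = []   # (capture name, ACL name)
    for raw in config.splitlines():
        line = raw.strip()
        m = CAPTURE_RE.match(line)
        if m:
            captures.append((m.group(1), m.group(2)))
            continue
        m = ACE_RE.match(line)
        if m:
            tokens = m.group(2).split()
            if tokens and tokens[0] == "remark":
                continue  # free-text remarks are not policy entries
            aces.setdefault(m.group(1), []).append(line)

    findings = []
    for cap, acl in captures:
        for ace in aces.get(acl, []):
            # Exact token match: 'any4' and 'any6' are distinct tokens.
            if "any" in ace.split()[2:]:
                findings.append((cap, acl, ace))
    return findings


if __name__ == "__main__":
    for cap, acl, ace in find_mixed_capture_acls(SAMPLE_CONFIG):
        print(f"capture {cap}: ACL {acl} uses bare 'any' -> {ace}")
```
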
