Well, today I had a big project where I was configuring a new context +++, I will stick in the fw as I had the following issue. I put the basic config and then I added 1 ACL for 1 zone; the ACL was assigned to the interface properly also. Then I tried to add the 2nd ACL for a 2nd zone but I was getting an error like do not mix acl or whatever. I am sorry that I do not remember the error; I will check tomorrow and I will post it here, but after 12 hours of work my brain was like agrhhhhh. To sum up, I was so frustrated and for 90 minutes I was struggling; I was not able to add any ACL there, just remarks!!! I tried the same from ASDM.
So I decided to delete the context and I followed the same steps!!! It worked as it was supposed to. Has anyone seen a similar behavior? First time I have seen it.
What kind of firewall is it?
This was the error:
ERROR: Cannot mix different types of access lists
@Dean it is an ASA 5585, version 9.3
Did the ACL mix TCP and UDP ports? If they're all together in a service group, that should not be a problem. But if they're in separate groups, then they need to be in separate rules... or have the groups added to a service group.
Actually, the first rule was permit icmp any4 any4 group-icmp
where in the group icmp I have the echo/reply/unreachable and exceeded.
I even tried later adding a permit ip host host.
No luck :D
So I deleted the context + the configuration file, followed the same steps and everything worked like a charm :)
Honestly, I don't do a lot with contexts. Deleting them sounds like the right way to go.
:problem?: