https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928496#M149314 <P>Hi,</P> <P></P> <P>I use a file to add ACL to my ASA. The file contains set of rules (both inbound and outbound traffic). I run this file on my ASA using <STRONG>conf net</STRONG> command. Now because of a huge list (~1.7MB file) and having many duplicates the file takes longer time to execute. I want to remove these duplicate entries from the ASA and from the file. Is there any way (any script) to find out the duplicates and remove it.&nbsp;</P> <P></P> <P>Please find few examples for duplicate types which are there in on my ASA</P> <P><STRONG>Exp 1.</STRONG></P> <P><STRONG>access-list NEW&nbsp;extended permit tcp host 1.1.1.1 host 2.2.2.2 eq https</STRONG></P> <P><STRONG></STRONG></P> <P><STRONG>object-group network Cloud</STRONG></P> <P><STRONG>network-object host 2.2.2.2</STRONG></P> <P><STRONG></STRONG></P> <P><STRONG>access-list NEW&nbsp;extended permit tcp host 1.1.1.1 object-group Cloud&nbsp;eq https</STRONG></P> <P><STRONG></STRONG></P> <P><B>Exp 2.</B></P> <P><B><STRONG>access-list NEW&nbsp;extended permit tcp 1.1.0.0 255.255.0.0 host 2.2.2.2 eq https</STRONG></B></P> <P><B><STRONG></STRONG></B></P> <P><B><STRONG>access-list NEW&nbsp;extended permit tcp host 1.1.1.23 host 2.2.2.2 eq https</STRONG></B></P> <P><B><STRONG></STRONG></B></P> <P>Please help me to get this resolved.</P> <P><B></B></P> <P>Regards,</P> <P>Ashish</P> Tue, 12 Mar 2019 08:23:03 GMT aashu21392 2019-03-12T08:23:03Z https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928496#M149314 <P>Hi,</P> <P></P> <P>I use a file to add ACL to my ASA. The file contains set of rules (both inbound and outbound traffic). I run this file on my ASA using <STRONG>conf net</STRONG> command. Now because of a huge list (~1.7MB file) and having many duplicates the file takes longer time to execute. I want to remove these duplicate entries from the ASA and from the file. Is there any way (any script) to find out the duplicates and remove it.&nbsp;</P> <P></P> <P>Please find few examples for duplicate types which are there in on my ASA</P> <P><STRONG>Exp 1.</STRONG></P> <P><STRONG>access-list NEW&nbsp;extended permit tcp host 1.1.1.1 host 2.2.2.2 eq https</STRONG></P> <P><STRONG></STRONG></P> <P><STRONG>object-group network Cloud</STRONG></P> <P><STRONG>network-object host 2.2.2.2</STRONG></P> <P><STRONG></STRONG></P> <P><STRONG>access-list NEW&nbsp;extended permit tcp host 1.1.1.1 object-group Cloud&nbsp;eq https</STRONG></P> <P><STRONG></STRONG></P> <P><B>Exp 2.</B></P> <P><B><STRONG>access-list NEW&nbsp;extended permit tcp 1.1.0.0 255.255.0.0 host 2.2.2.2 eq https</STRONG></B></P> <P><B><STRONG></STRONG></B></P> <P><B><STRONG>access-list NEW&nbsp;extended permit tcp host 1.1.1.23 host 2.2.2.2 eq https</STRONG></B></P> <P><B><STRONG></STRONG></B></P> <P>Please help me to get this resolved.</P> <P><B></B></P> <P>Regards,</P> <P>Ashish</P> Tue, 12 Mar 2019 08:23:03 GMT https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928496#M149314 aashu21392 2019-03-12T08:23:03Z https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928497#M149316 <P>Hi Ashu,</P> <P></P> <P>Unfortunately there is no such command on cisco ASA which can help you find duplicate ACL's.</P> <P>This is more of a manual work that needs to be done and is very important for ASA's improved performance.</P> <P></P> <P>However, you can try and use "Notepad++" where you can try and find the duplicate ACL's but again it will just point to the duplicate ACL but removal will again be manual.</P> <P></P> <P>-</P> <P>Pulkit</P> <P>_</P> <P>Pulkit</P> Wed, 12 Oct 2016 07:56:12 GMT https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928497#M149316 Pulkit Saxena 2016-10-12T07:56:12Z https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928498#M149317 <P>Thank Pulkit</P> <P></P> <P>As a said above I run this from a file. So I guess i need to find a script for this and edit the file accordingly and the run it on ASA for the removal.&nbsp;</P> <P></P> <P>Regards&nbsp;</P> <P>Ashish&nbsp;</P> Wed, 12 Oct 2016 09:11:09 GMT https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928498#M149317 aashu21392 2016-10-12T09:11:09Z https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928499#M149318 <P>Ashish,</P> <P></P> <P>That will be great if you could find such script, please do share the same too bu creating your own document as that can help in lot of such scenarios.</P> <P></P> <P>-</P> <P>Pulkit</P> Wed, 12 Oct 2016 11:57:31 GMT https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/2928499#M149318 Pulkit Saxena 2016-10-12T11:57:31Z https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/3828005#M149319 <P>Hi!</P><P><A href="https://www.youtube.com/watch?v=e31Uz46AKn0" target="_blank">https://www.youtube.com/watch?v=e31Uz46AKn0</A></P><P>A utility with which you can optimize the access list. There is a search function for conflicting rules. Designed for routers, but there is a way to use for ASA lists.</P><P>&nbsp;</P> Thu, 28 Mar 2019 12:23:41 GMT https://community.cisco.com/t5/network-security/acl-duplicates-removal/m-p/3828005#M149319 GSA 2019-03-28T12:23:41Z