ACL on ASA - line command

GRANT3779 — Tue, 12 Mar 2019 04:10:24 GMT

Hi There,

I am creating a new ACL on an ASA.

I used the following commands

access-list VLAN127_IN line 20 remark ***Deny Traffic to Rest of Lan***
access-list VLAN127_IN line 30 extended deny ip 192.168.127.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0) 0x44b972b4
access-list VLAN127_IN line 40 extended deny ip 192.168.127.0 255.255.255.0 172.16.0.0 255.240.0.0 (hitcnt=0) 0xd0b6df6b
access-list VLAN127_IN line 50 extended deny ip 192.168.127.0 255.255.255.0 192.168.128.0 255.255.255.0 (hitcnt=0) 0xded09fe7

etc..

So I ever need to squeeze a new line in the middle of the ACL at any point I could use a number in between the current lines.

When I do a show access-list however it hasn't used my increments of 10, 20, 30 etc..The lines just go up 1,2,3,4 etc..

Is there a way round this?

access-list VLAN127_IN line 2 remark ***Deny Traffic to Rest of Lan***
access-list VLAN127_IN line 3 extended deny ip 192.168.127.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0) 0x44b972b4
access-list VLAN127_IN line 4 extended deny ip 192.168.127.0 255.255.255.0 172.16.0.0 255.240.0.0 (hitcnt=0) 0xd0b6df6b
access-list VLAN127_IN line 5 extended deny ip 192.168.127.0 255.255.255.0 192.168.128.0 255.255.255.0 (hitcnt=0) 0xded09fe7

When you use the line command

kevin_giusti — Thu, 08 May 2014 12:06:15 GMT

When you use the line command with an access list it will insert the ACL in that spot and increment all lower entries by 1.

You shouldn't need to use increments of 10, 20, 30 since the ASA ACLs are pretty flexible but if you wanted to you would have to use the line command in your ACL.

Thanks,

Kevin

topic ACL on ASA - line command in Network Security

ACL on ASA - line command

When you use the line command