https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712426#M557186 <HTML><HEAD></HEAD><BODY><P>Hi Paul,</P><P></P><P>That is expected behavior in the configuration conversion process.</P><P>Unfortunately, there is no way of automatically getting back the previous config.</P><P></P><P>You could edit the access-list part of your 8.2 config, to allow traffic to real ip, instead of translated ip, and add that configuration into the cli.</P><P>However, this will involve some downtime, as you would have to delete the existing access-lists before doing that. You might also need to add/edit the object groups.</P><P></P><P>I would suggest making a backup of the current 8.3 config before doing this as well, just in case.</P><P></P><P>Hope this helps.</P><P></P><P>-Shrikant</P><P></P><P>P.S.: Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks.</P></BODY></HTML> Mon, 25 Apr 2011 13:00:32 GMT Shrikant Sundaresh 2011-04-25T13:00:32Z https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712425#M557185 <P id="[object]">I have just upgraded a ASA5510 from 8.2 to 8.3 using migration tool.</P><P id="[object]">All seemed to go well, still double checking the config as this is a bench test of upgrade prior to filed upgrades.</P><P id="[object]"></P><P id="[object]">Anyway one thing that is slightly frustrating is that the migration has expanded all of my access-lists, so we maybe had 10 lines of config relating to access-lists based on access-groups, now we have hundreds of lines.</P><P id="[object]">On ASDM this is bad enough but on CLI with show run its a bit of a bind.</P><P id="[object]"></P><P id="[object]">Is there any way to un-expand the access list or do I simply delete and start again using my access groups.</P><P id="[object]"></P><P id="[object]"><SPAN style="background-color: #f8fafd;">Any thoughts appreciated</SPAN></P><P id="[object]"></P><P id="[object]">Paul</P> Mon, 11 Mar 2019 20:25:12 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712425#M557185 shaucall46 2019-03-11T20:25:12Z https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712426#M557186 <HTML><HEAD></HEAD><BODY><P>Hi Paul,</P><P></P><P>That is expected behavior in the configuration conversion process.</P><P>Unfortunately, there is no way of automatically getting back the previous config.</P><P></P><P>You could edit the access-list part of your 8.2 config, to allow traffic to real ip, instead of translated ip, and add that configuration into the cli.</P><P>However, this will involve some downtime, as you would have to delete the existing access-lists before doing that. You might also need to add/edit the object groups.</P><P></P><P>I would suggest making a backup of the current 8.3 config before doing this as well, just in case.</P><P></P><P>Hope this helps.</P><P></P><P>-Shrikant</P><P></P><P>P.S.: Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks.</P></BODY></HTML> Mon, 25 Apr 2011 13:00:32 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712426#M557186 Shrikant Sundaresh 2011-04-25T13:00:32Z https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712427#M557187 <HTML><HEAD></HEAD><BODY><P>Thanks</P><P id="[object]"></P><P id="[object]">As this was a test bed for future upgrades to 8.3, I think I would much rather re-write to config on 8.3 than run through the migration tools and have unknowns.</P><P id="[object]">Basically what I did here was rolled back my config to 8.2 and re-did the config as suggested.</P></BODY></HTML> Mon, 09 May 2011 13:52:45 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-expanded-access-list/m-p/1712427#M557187 shaucall46 2011-05-09T13:52:45Z