https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424028#M776691 <HTML><HEAD></HEAD><BODY><P>Ok, thankyou for the advice!</P><P></P><P>I will leave this thread open for a little to see if further networking guru's can advise &amp; at a last resort I will use your method.</P><P></P><P>Thanks again!</P></BODY></HTML> Mon, 21 Dec 2009 17:11:22 GMT Dale Sanderson 2009-12-21T17:11:22Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424024#M776687 <P>I do apologise for reposting; however I am still having a few issues.</P><P></P><P>After removing a capture from the firewall, I am now trying to remove the access-list associated.</P><P></P><P>However, the below output shows that the access-list is still infact present on the firewall</P><P></P><P>host# sh access-list SL-CAP<BR />access-list SL-CAP; 0 elements<BR />host# conf t<BR />host(config)# clear configure access-list SL-CAP<BR />host(config)# wr<BR />Building configuration...</P><P></P><P>[OK]<BR />host(config)# end<BR />host# sh run | inc SL-CAP</P><P></P><P>#no output#</P><P></P><P>host# sh access-list SL-CAP<BR />access-list SL-CAP; 0 elements</P><P></P><P>Although it is not really a big problem; it would be nice to resolve and see what is causing this strange behaviour.</P><P></P><P>Regards</P> Mon, 11 Mar 2019 16:50:38 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424024#M776687 Dale Sanderson 2019-03-11T16:50:38Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424025#M776688 <HTML><HEAD></HEAD><BODY><P>just wondering why don't you use the "no " prefix for removing ACL??</P></BODY></HTML> Mon, 21 Dec 2009 16:21:06 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424025#M776688 mohsin.khan 2009-12-21T16:21:06Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424026#M776689 <HTML><HEAD></HEAD><BODY><P>I believe that using "no" will only remove particular ACL entries as opposed to the ACL itself; forgive me if I am wrong on that..</P></BODY></HTML> Mon, 21 Dec 2009 16:31:19 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424026#M776689 Dale Sanderson 2009-12-21T16:31:19Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424027#M776690 <HTML><HEAD></HEAD><BODY><P>No, infact you are right, thanks for making me rush to the config guide <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN>,&nbsp; but at times there are few commands that need system restart to flush out from the NVRAM. Not sure about this particular command. I haven't used the clear configure command, rather i usually copy the config to a notepad and add a no statement to the ACL (to all if i need to delete the complete ACL).</P></BODY></HTML> Mon, 21 Dec 2009 17:08:10 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424027#M776690 mohsin.khan 2009-12-21T17:08:10Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424028#M776691 <HTML><HEAD></HEAD><BODY><P>Ok, thankyou for the advice!</P><P></P><P>I will leave this thread open for a little to see if further networking guru's can advise &amp; at a last resort I will use your method.</P><P></P><P>Thanks again!</P></BODY></HTML> Mon, 21 Dec 2009 17:11:22 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424028#M776691 Dale Sanderson 2009-12-21T17:11:22Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424029#M776692 <HTML><HEAD></HEAD><BODY><P>If the following doesn't work</P><P></P><P>conf t</P><P>clear config access-list SL-CAP</P><P></P><P>Then add a few lines of dummy acl to the access-list like</P><P></P><P>access-l SL-CAP permit icmp any any</P><P>access-l SL-CAP deny ip any any</P><P></P><P>Make sure sh access-l SL-CAP | i elements</P><P></P><P>shows 2 and then try the same thing again.</P><P></P><P>clear config access-l SL-CAP</P><P></P><P></P><P>-KS</P></BODY></HTML> Mon, 21 Dec 2009 17:13:41 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424029#M776692 Kureli Sankar 2009-12-21T17:13:41Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424030#M776693 <HTML><HEAD></HEAD><BODY><P>Ok, will give that a go</P><P></P><P>Cheers</P></BODY></HTML> Mon, 21 Dec 2009 17:16:07 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424030#M776693 Dale Sanderson 2009-12-21T17:16:07Z https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424031#M776694 <HTML><HEAD></HEAD><BODY><P>You my friend, are a star!</P><P></P><P>That worked perfectly - I take it that an 'empty' access list cannot be removed and will bare this in mind for future and ensure the list is populated.</P><P></P><P>Thanks again!</P></BODY></HTML> Mon, 21 Dec 2009 17:21:03 GMT https://community.cisco.com/t5/network-security/asa-5500-access-list-removal/m-p/1424031#M776694 Dale Sanderson 2009-12-21T17:21:03Z