asa revert to last policy step

Mary · ‎01-16-2018

i made change in asa access rule policy, now some problem happen, may i know the steps to revert to the last policy version in live production server? thanks

James Leinweber · ‎01-17-2018

Unfortunately, easy reversion requires advance planning.
* if you have a text copy of the previous configuration, you can revert to it with a reload:
prep: copy running-config old-config.txt
(make changes, decide to revert)
revert: copy old-config.txt saved-config
reload

* if you were making access-list changes, keep before & after versions of the lists
old config:
access-list outside-ingress-01
...
access-group outside-ingress-01 in interface outside
prep:
access-list outside-ingress-02
...
go live:
access-group outside-ingress-02 in interface outside
revert:
access-group outside-ingress-01 in interface outside

* if you were making a policy change, keep before & after versions
policy-map global_policy_1
...
policy-map global_policy_2
...
and then switch foward with:
service-policy global_policy_2 global
or backward with:
service-policy global_policy_1 global

Sadly, the common theme is that you have to plan how you might revert before making the change.
-- Jim Leinweber, WI State Lab of Hygiene

johnlloyd_13 · ‎01-17-2018

hi,

do you know what config you've applied so you can roll-back?

issue a show history and negate the recent policy command changes.