Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3160
Views
0
Helpful
4
Replies

ACL duplicates removal

aashu21392
Level 1
Level 1

‎10-12-2016 12:02 AM - edited ‎03-12-2019 01:23 AM

Hi,

I use a file to add ACL to my ASA. The file contains set of rules (both inbound and outbound traffic). I run this file on my ASA using conf net command. Now because of a huge list (~1.7MB file) and having many duplicates the file takes longer time to execute. I want to remove these duplicate entries from the ASA and from the file. Is there any way (any script) to find out the duplicates and remove it. 

Please find few examples for duplicate types which are there in on my ASA

Exp 1.

access-list NEW extended permit tcp host 1.1.1.1 host 2.2.2.2 eq https

object-group network Cloud

network-object host 2.2.2.2

access-list NEW extended permit tcp host 1.1.1.1 object-group Cloud eq https

Exp 2.

access-list NEW extended permit tcp 1.1.0.0 255.255.0.0 host 2.2.2.2 eq https

access-list NEW extended permit tcp host 1.1.1.23 host 2.2.2.2 eq https

Please help me to get this resolved.

Regards,

Ashish

Labels:
0 Helpful
4 Replies 4

Pulkit Saxena
Cisco Employee
Cisco Employee

‎10-12-2016 12:56 AM

Hi Ashu,

Unfortunately there is no such command on cisco ASA which can help you find duplicate ACL's.

This is more of a manual work that needs to be done and is very important for ASA's improved performance.

However, you can try and use "Notepad++" where you can try and find the duplicate ACL's but again it will just point to the duplicate ACL but removal will again be manual.

-

Pulkit

_

Pulkit

0 Helpful

aashu21392
Level 1
Level 1
In response to Pulkit Saxena

‎10-12-2016 02:11 AM

Thank Pulkit

As a said above I run this from a file. So I guess i need to find a script for this and edit the file accordingly and the run it on ASA for the removal. 

Regards 

Ashish 

0 Helpful

Pulkit Saxena
Cisco Employee
Cisco Employee
In response to aashu21392

‎10-12-2016 04:57 AM

Ashish,

That will be great if you could find such script, please do share the same too bu creating your own document as that can help in lot of such scenarios.

-

Pulkit

0 Helpful

GSA
Level 1
Level 1
In response to Pulkit Saxena

‎03-28-2019 05:23 AM

Hi!

https://www.youtube.com/watch?v=e31Uz46AKn0

A utility with which you can optimize the access list. There is a search function for conflicting rules. Designed for routers, but there is a way to use for ASA lists.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card