12-21-2017 02:27 PM - edited 02-21-2020 07:00 AM
Hi,
I want to insert a new deny line under an existing ACL. I am using the steps below. Please confirm if I am missing any step.
1. create object-group
object-group network TEST_SITES
description TEST_Sites
network-object <Test Site IP address>
network-object <Test Site IP Address>
2. Insert new ACL rule just as per below in the existing block ACL for access-list INTERNET_ACCESS
access-list INTERNET_ACCESS line 2 extended deny ip object-group TEST_SITES any
3. New ACL
access-list INTERNET_ACCESS extended deny ip object-group GREEN-Sites any
access-list INTERNET_ACCESS line 2 extended deny ip object-group TEST_SITES any
access-list INTERNET_ACCESS remark Inbound DNS Rule for Internet Server
access-list INTERNET_ACCESS extended permit udp any4 object-group RED_SITES eq domain
12-21-2017 04:56 PM
While inserting a new ACL in your case, just use the existing line number of the other deny rule; it will push the old ACL to the n+1 line and you should be good.
12-21-2017 05:58 PM
Thanks
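Added example, not part of the original thread and not Cisco code: a simplified Python model of the ACL from the question, showing how inserting at a line number shifts the existing entries down and why the position matters under top-down first-match evaluation. The group members are constructed documentation addresses, the helper names (`rule`, `insert_ace`, `first_match`) are hypothetical, and line numbers here are simply list positions in the model.

```python
import ipaddress

# Constructed sample data: documentation addresses stand in for the real group members.
GROUPS = {
    "GREEN-Sites": ["198.51.100.0/24"],
    "TEST_SITES": ["203.0.113.10/32"],
    "RED_SITES": ["192.0.2.53/32"],
}

def rule(action, proto=None, src=None, dst=None, port=None):
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def insert_ace(acl, entry, line=None):
    """Return a new ACL with `entry` at 1-based `line`; no line (or one past the end) appends."""
    new = list(acl)
    if line is None or line > len(new):
        new.append(entry)
    else:
        new.insert(line - 1, entry)  # the entry previously at `line` moves to line + 1
    return new

def _in_group(ip, name):
    if name in ("any", "any4"):
        return True
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in GROUPS[name])

def first_match(acl, proto, src, dst, dport):
    """Top-down first match; returns (position, action). Remarks never match traffic."""
    for n, e in enumerate(acl, start=1):
        if e["action"] == "remark":
            continue
        if e["proto"] not in ("ip", proto):
            continue
        if e.get("port") not in (None, dport):
            continue
        if _in_group(src, e["src"]) and _in_group(dst, e["dst"]):
            return n, e["action"]
    return None, "deny"  # implicit deny at the end of the ACL

# The existing ACL from the question, before the new rule is added.
EXISTING = [
    rule("deny", "ip", "GREEN-Sites", "any"),
    rule("remark"),
    rule("permit", "udp", "any4", "RED_SITES", 53),
]
NEW_RULE = rule("deny", "ip", "TEST_SITES", "any")
```

Comparing `insert_ace(EXISTING, NEW_RULE, line=2)` with `insert_ace(EXISTING, NEW_RULE)` for a DNS packet from the test site to a RED_SITES server shows the difference: the inserted rule denies it, while an appended rule is never reached because the earlier permit matches first.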