Dale Sanderson
Beginner

ASA 5500 Access List removal

I do apologise for reposting; however I am still having a few issues.

After removing a capture from the firewall, I am now trying to remove the access-list associated.

However, the below output shows that the access-list is still in fact present on the firewall

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements
host# conf t
host(config)# clear configure access-list SL-CAP
host(config)# wr
Building configuration...

[OK]
host(config)# end
host# sh run | inc SL-CAP

#no output#

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements

Although it is not really a big problem; it would be nice to resolve and see what is causing this strange behaviour.

Regards

Accepted Solutions

If the following doesn't work

conf t

clear config access-list SL-CAP

Then add a few lines of dummy acl to the access-list like

access-l SL-CAP permit icmp any any

access-l SL-CAP deny ip any any

Make sure sh access-l SL-CAP | i elements

shows 2 and then try the same thing again.

clear config access-l SL-CAP

-KS


7 REPLIES 7
mohsin.khan
Participant

Just wondering, why don't you use the "no" prefix for removing the ACL?

I believe that using "no" will only remove particular ACL entries as opposed to the ACL itself; forgive me if I am wrong on that..

No, in fact you are right, thanks for making me rush to the config guide, but at times there are a few commands that need a system restart to flush out from the NVRAM. Not sure about this particular command. I haven't used the clear configure command; rather I usually copy the config to a notepad and add a no statement to the ACL (to all if I need to delete the complete ACL).

Ok, thank you for the advice!

I will leave this thread open for a little to see if further networking gurus can advise & at a last resort I will use your method.

Thanks again!

Ok, will give that a go

Cheers

You my friend, are a star!

That worked perfectly - I take it that an 'empty' access list cannot be removed and will bear this in mind for future and ensure the list is populated.

Thanks again!
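
The leftover state seen in this thread (an ACL that sh access-list still lists with 0 elements while sh run shows no trace of it) can be checked for in saved command output. The following is an added example, not code from any poster in the thread; the function names are hypothetical and the sample outputs are constructed.

```python
import re

# Header format as shown in the thread: "access-list SL-CAP; 0 elements".
# Only the start of the line is anchored, in case a release appends more fields.
HEADER = re.compile(r"^access-list[ \t]+(\S+);[ \t]+(\d+)[ \t]+elements", re.MULTILINE)

def acl_element_counts(show_access_list):
    """Map ACL name -> element count from 'show access-list' output."""
    return {name: int(n) for name, n in HEADER.findall(show_access_list)}

def names_in_running_config(show_run):
    """ACL names defined (access-list X ...) or referenced (access-group X ...,
    '... access-list X') anywhere in 'show running-config' output."""
    names = set()
    for line in show_run.splitlines():
        tokens = line.split()
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("access-list", "access-group"):
                names.add(tokens[i + 1])
    return names

def stale_empty_acls(show_access_list, show_run):
    """ACLs still listed with 0 elements that the config never mentions."""
    known = names_in_running_config(show_run)
    counts = acl_element_counts(show_access_list)
    return sorted(n for n, c in counts.items() if c == 0 and n not in known)

# Constructed sample output (not captured from a real device).
SHOW_ACL = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
access-list OUTSIDE-IN; 2 elements
access-list OUTSIDE-IN line 1 extended permit icmp any any
access-list OUTSIDE-IN line 2 extended deny ip any any
access-list SL-CAP; 0 elements
"""
SHOW_RUN = """\
access-list OUTSIDE-IN extended permit icmp any any
access-list OUTSIDE-IN extended deny ip any any
access-group OUTSIDE-IN in interface outside
"""

if __name__ == "__main__":
    for name in stale_empty_acls(SHOW_ACL, SHOW_RUN):
        print(f"{name}: 0 elements, absent from running-config")
```

A name it reports is a candidate for the repopulate-then-clear sequence from the accepted solution.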
