ASA 5500 Access List removal

Dale Sanderson
Level 1

I do apologise for reposting; however I am still having a few issues.

After removing a capture from the firewall, I am now trying to remove the access-list associated.

However, the below output shows that the access-list is still in fact present on the firewall:

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements
host# conf t
host(config)# clear configure access-list SL-CAP
host(config)# wr
Building configuration...

[OK]
host(config)# end
host# sh run | inc SL-CAP

#no output#

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements

Although it is not really a big problem; it would be nice to resolve and see what is causing this strange behaviour.

Regards

Accepted Solutions

If the following doesn't work

conf t

clear config access-list SL-CAP

Then add a few lines of dummy acl to the access-list like

access-l SL-CAP permit icmp any any

access-l SL-CAP deny ip any any

Make sure sh access-l SL-CAP | i elements

shows 2 and then try the same thing again.

clear config access-l SL-CAP

-KS

7 Replies

mohsin.khan
Level 3

Just wondering, why don't you use the "no" prefix for removing the ACL?

I believe that using "no" will only remove particular ACL entries as opposed to the ACL itself; forgive me if I am wrong on that.

No, in fact you are right, thanks for making me rush to the config guide, but at times there are a few commands that need a system restart to flush out from the NVRAM. Not sure about this particular command. I haven't used the clear configure command; rather, I usually copy the config to a notepad and add a no statement to the ACL (to all if I need to delete the complete ACL).

Ok, thank you for the advice!

I will leave this thread open for a little to see if further networking gurus can advise, and as a last resort I will use your method.

Thanks again!

Ok, will give that a go

Cheers

You my friend, are a star!

That worked perfectly - I take it that an 'empty' access list cannot be removed and will bear this in mind for future and ensure the list is populated.

Thanks again!
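
For auditing a firewall for the same leftover state, the following is an added example (not part of the original thread and not Cisco code). It scans saved `show access-list` and `show running-config` text for ACLs that report 0 elements and are not mentioned anywhere in the running config, then lists the accepted solution's commands for each; the sample outputs and the function names are constructed for illustration.

```python
import re

# Per-ACL header line in "show access-list" output, e.g. "access-list SL-CAP; 0 elements".
# Other lines (ACL entries, the cached-flows banner) do not match this pattern.
ACL_HEADER = re.compile(r"^access-list (\S+); (\d+) elements", re.MULTILINE)

# Constructed sample output, not captured from a real device.
SHOW_ACL = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list OUTSIDE_IN; 2 elements
access-list OUTSIDE_IN line 1 extended permit tcp any host 192.0.2.10 eq https
access-list OUTSIDE_IN line 2 extended deny ip any any
access-list SL-CAP; 0 elements
"""

RUNNING_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq https
access-list OUTSIDE_IN extended deny ip any any
access-group OUTSIDE_IN in interface outside
"""


def find_stale_empty_acls(show_acl: str, running_config: str) -> list[str]:
    """ACL names with 0 elements that appear nowhere in the running config
    (the same condition the poster saw with 'sh run | inc SL-CAP')."""
    stale = []
    for name, count in ACL_HEADER.findall(show_acl):
        # Match the name only as a whole whitespace-delimited token.
        mentioned = re.search(rf"(?<!\S){re.escape(name)}(?!\S)", running_config)
        if int(count) == 0 and not mentioned:
            stale.append(name)
    return stale


def removal_commands(name: str) -> list[str]:
    """The accepted solution's steps: populate the ACL, confirm 2 elements, clear it."""
    return [
        "conf t",
        f"access-list {name} permit icmp any any",
        f"access-list {name} deny ip any any",
        f"show access-list {name} | include elements",
        f"clear configure access-list {name}",
    ]


if __name__ == "__main__":
    for acl in find_stale_empty_acls(SHOW_ACL, RUNNING_CONFIG):
        print("\n".join(removal_commands(acl)))
```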