ASA 5550 ACl's

Dale Sanderson · ‎11-26-2009

Hello,

I am carrying out some cleanup tasks on our 5550 firewall; and am using the syntax below in conf t to remove old access-lists (the majority are access lists left from captures etc) :

host# sh access-list CAP1
access-list SL-CAP; 0 elements
host# conf t
host(config)# clear configure access-list CAP1
host(config)# wr
Building configuration...
[OK]
host(config)# end
host# sh access-list CAP1
access-list CAP1; 0 elements

All other access lists apart from this and one other have removed as expected - I have checked to see if the captures are still running, but they have been removed.

Any advice that you could be provide would be greatly appreciated, thankyou in advance!

Tanveer Deewan · ‎11-26-2009

Hi,

can you get the output of the following?

show run | i CAP1

show run | i SL-CAP

Dale Sanderson · ‎11-27-2009

Forgive my mistake - there is only one access list I am in reference to - that was my mistake on failing to sanatise the output properly

In full :

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements
host# conf t
host(config)# clear configure access-list SL-CAP
host(config)# wr
Building configuration...

[OK]
host(config)# end
host# sh run | inc SL-CAP

#no output#

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements

Regards