01-16-2018 09:51 PM - edited 02-21-2020 07:09 AM
i made change in asa access rule policy, now some problem happen, may i know the steps to revert to the last policy version in live production server? thanks
01-17-2018 10:31 AM - edited 01-17-2018 10:36 AM
Unfortunately, easy reversion requires advance planning.
* if you have a text copy of the previous configuration, you can revert to it with a reload:
prep: copy running-config old-config.txt
(make changes, decide to revert)
revert: copy old-config.txt saved-config
reload
* if you were making access-list changes, keep before & after versions of the lists
old config:
access-list outside-ingress-01
...
access-group outside-ingress-01 in interface outside
prep:
access-list outside-ingress-02
...
go live:
access-group outside-ingress-02 in interface outside
revert:
access-group outside-ingress-01 in interface outside
* if you were making a policy change, keep before & after versions
policy-map global_policy_1
...
policy-map global_policy_2
...
and then switch foward with:
service-policy global_policy_2 global
or backward with:
service-policy global_policy_1 global
Sadly, the common theme is that you have to plan how you might revert before making the change.
-- Jim Leinweber, WI State Lab of Hygiene
01-17-2018 11:40 PM
hi,
do you know what config you've applied so you can roll-back?
issue a show history and negate the recent policy command changes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide