Why are you thinking of removing an ACL entry and then adding a new one? Is there a specific reason why you need to remove an entry first? Why not just add the updated entry and once that is confirmed to work, remove the old entry?
Also, you do not need to remove an ACL entry; you could just insert an entry at a specific line and the entries below will renumber themselves.
access-list inside_access_in line 9 permit ip host 188.8.131.52 host 184.108.40.206
You can do this in CLI or in ASDM without deleting the command. Easiest would be in ASDM, where you just select the rule you want to move up; there are up and down arrows at the top of the ASDM page, so just click the up arrow until the rule is located at the line you want it to be at.
In the CLI you would need to add the rule to line 3 and then delete the duplicate rule, as follows.
access-list inside_acl line 3 permit tcp object-group Company_Network host 10.10.10.10
no access-list inside_acl line 9 permit tcp object-group Company_Network host 10.10.10.10
You are misunderstanding. You can add any ACE, even if they overlap, without getting an error. You can easily do this in CLI without having any downtime.
You can add an ACL at line 1 and it will automatically push all other ACLs down by 1. It won't delete or override other ACLs.
**** please remember to rate useful posts