02-04-2020 08:35 AM - edited 02-21-2020 09:53 AM
02-04-2020 08:04 PM
02-05-2020 06:51 AM
02-05-2020 07:24 AM
02-05-2020 02:06 PM - edited 02-05-2020 02:13 PM
Why are you thinking of removing an ACL entry and then adding a new one? Is there a specific reason why you need to remove an entry first? Why not just add the updated entry and once that is confirmed to work, remove the old entry?
Also, you do not need to remove an ACL entry; you could just insert an entry at a specific line and the entries below will renumber themselves.
Example:
access-list inside_access_in line 9 permit ip host 1.2.3.4 host 4.3.2.1
02-06-2020 08:02 AM
02-09-2020 12:45 PM
You can do this in CLI or in ASDM without deleting the command. Easiest would be in ASDM, where you just select the rule you want to move up. There are up and down arrows at the top of the ASDM page; just click the up arrow until the rule is located at the line you want it to be at.
In the CLI you would need to add the rule to line 3 and then delete the duplicate rule, as follows.
access-list inside_acl line 3 permit tcp object-group Company_Network host 10.10.10.10
no access-list inside_acl line 9 permit tcp object-group Company_Network host 10.10.10.10
02-12-2020 06:34 AM
02-12-2020 06:43 AM
You are misunderstanding. You can add any ACE even if they overlap without getting an error. You can easily do this in CLI without having any downtime.
02-12-2020 12:17 PM
You can add a line 1 ACL and it will automatically push all other ACLs down by 1. It won't delete or override other ACLs.
**** please remember to rate useful posts
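The ordering discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of a first-match ACL (source and destination only, no protocols or ports) comparing add-then-remove with remove-then-add for one flow. The ACL contents, addresses and function names are constructed for illustration, and removal by entry content is an assumption of the model.

```python
import ipaddress

IMPLICIT_DENY = (None, "deny")  # no ACE matched: implicit deny at the end of the ACL

def insert_ace(acl, line, ace):
    """Insert at a 1-based line; entries at and below that line shift down by one."""
    acl.insert(line - 1, ace)

def line_of(acl, ace):
    """Current 1-based line number of an ACE."""
    return acl.index(ace) + 1

def evaluate(acl, src, dst):
    """First match wins: return (line, action) for the first ACE covering src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return line, action
    return IMPLICIT_DENY

def add_then_remove(acl, line, new, old, flow):
    """Order suggested in the thread. Returns the verdict for flow after each step."""
    insert_ace(acl, line, new)
    after_add = evaluate(acl, *flow)
    acl.remove(old)  # model assumption: removal matches the entry by content
    return [after_add, evaluate(acl, *flow)]

def remove_then_add(acl, line, new, old, flow):
    """Reverse order, for comparison. Returns the verdict for flow after each step."""
    acl.remove(old)
    after_remove = evaluate(acl, *flow)
    insert_ace(acl, line, new)
    return [after_remove, evaluate(acl, *flow)]

def sample_acl():
    """Constructed ACL (documentation addresses), not taken from the thread."""
    return [
        ("permit", "198.51.100.0/24", "10.10.10.10/32"),
        ("permit", "192.0.2.0/24", "10.10.10.10/32"),   # OLD: entry being replaced
        ("deny", "0.0.0.0/0", "10.10.10.0/24"),
    ]

OLD = ("permit", "192.0.2.0/24", "10.10.10.10/32")
NEW = ("permit", "192.0.2.5/32", "10.10.10.10/32")      # updated, narrower entry
FLOW = ("192.0.2.5", "10.10.10.10")

if __name__ == "__main__":
    print("add then remove:", add_then_remove(sample_acl(), 1, NEW, OLD, FLOW))
    print("remove then add:", remove_then_add(sample_acl(), 1, NEW, OLD, FLOW))
```

In this model the flow stays permitted at every step when the new entry is added first, while removing the old entry first lets the flow fall through to the deny on line 2 until the new entry is in place.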