06-20-2017 04:50 AM - edited 02-21-2020 06:11 AM
Hi guys,
I have a number of ASA firewalls that are managed via CSM (currently version 4.12). We now need to apply a control plane ACL to traffic arriving on our outside interfaces.
I've created an extended ACL in the CSM Extended Access Lists policy object pages and wish to deploy this. How do I get a FlexConfig to deploy an entire ACL?
Thanks.
06-21-2017 12:21 PM
Hi Christopher,
I haven't deployed an ACL using flexconfigs however I have used them a few times for a workaround on SNMP.
From using them there I believe you can just copy and paste your config into a flexconfig which you create. Think the settings are that you can have it apply the config first then look to see if it'd in the config when deployed or have it add it to the end of the config if it is not seen in there already.
Dan
06-21-2017 12:46 PM
I raised a call with TAC today and spoke to them.
Using FlexConfig, you can't deploy an ACL policy that is referenced as a variable. You need to manually create any objects and then create the ACL using static commands.
Following testing, it does appear thankfully that objects and ACLs used in this manner are not cleaned up on the following deployments.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide