Solved: Disabling an ACL entry

phil96564 · ‎01-24-2019

Hi all

I need to disable a number of access list rules on ASA version 9.7. I know I just need to add "inactive" to the end of the rule but 1. do we simply enter the rule exactly as it currently is then add inactive, ie does it recognise that we are disabling an existing rule as opposed to creating a new (inactive) rule

2. Do we need to include the line number in the inactive rule command?

Thanks in advance

Phil.

ngkin2010 · ‎01-24-2019

1. yes, no duplicated rule is allowed. So the exactly same rule with "inactive" keyword will simply update the existing one.

2. no.

View solution in original post

shaps · ‎01-24-2019

As far as I remember if you copy the statement along with the line number and then append it with the inactive key word, this should work.

if you use the question mark at the end of the statement before applying to verify or create a dummy rule that doesnt really do anything then try with that.

ngkin2010 · ‎01-24-2019

1. yes, no duplicated rule is allowed. So the exactly same rule with "inactive" keyword will simply update the existing one.

2. no.

Marius Gunnerud · ‎01-24-2019

Optionally you can do this in ASDM. Just un-check the box next to the rule. and click Apply and then save once you are done.

--
Please remember to select a correct answer and rate helpful posts

phil96564 · ‎01-25-2019

Thanks for all the replies :)