11-24-2012 01:01 PM - edited 03-11-2019 05:27 PM
Hi all,
I have a working 5510 with some NAT and access lists configured. I use a secplus license on the 5510. Now I want to move a couple of interfaces from 100 to 1000 ports without loss of the configured rules. If I try to remove an existing interface and create it on another port, the ASA removes all rules associated with the interface(((
How can I do it without deleting the rules?
Sent from Cisco Technical Support Android App
11-24-2012 05:06 PM
Doing what you need is a bit tricky. You will need to copy off the rules and reapply them to the new interface once you have set it up. If there's any way around that, I'm not aware of it.
Hope this helps.
11-25-2012 08:57 AM
I have about 90 NAT rules and about twice as many ACLs. Do you know of a tool to export/import rules belonging to a particular interface?
Sent from Cisco Technical Support Android App
11-25-2012 11:27 AM
It's not so much a tool as it is just recreating the rules and applying them to the newly redesignated interfaces. Here's an outline of what I have done in the past:
1. Save the config offline in a text file.
2. Note the NAT and access-lists that will be affected.
3. Change your interface designations (this will delete any associated NAT and access-list config).
4. Add in the deleted config lines from your backup file and compare / test for verification.
You may find it useful to look at the before and after configs in a difference comparison tool like the free ExamDiff. It will highlight anything you may have missed. http://www.prestosoft.com/edp_examdiff.asp
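Added example, not part of the original thread and not a Cisco tool: a small Python script that pulls the NAT and access-list lines tied to one interface name out of a saved config (steps 1 and 2 above) and later lists any of them missing from the post-change config (step 4). The function names and the sample config are constructed for illustration, and the script assumes the usual ASA line forms `nat (...)`, `static (...)`, `global (...)`, `access-list NAME ...` and `access-group NAME in|out interface NAMEIF`.

```python
import re

# Constructed sample of a saved ASA running-config (not from the thread).
SAMPLE_BACKUP = """\
interface Ethernet0/1
 nameif dmz
 security-level 50
object network WEB01
 host 10.0.50.10
 nat (dmz,outside) static 192.0.2.10
object network LAN
 subnet 10.0.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
access-list DMZ_IN extended permit tcp any host 10.0.50.10 eq 443
access-list INSIDE_IN extended permit ip any any
nat (dmz,outside) source static WEB01 WEB01
access-group DMZ_IN in interface dmz
access-group INSIDE_IN in interface inside
"""

GROUP = re.compile(r"access-group (\S+) (?:in|out) interface (\S+)")

def rules_for_interface(config_text, nameif):
    """NAT, access-group and bound access-list lines for `nameif`, in file order."""
    lines = config_text.splitlines()
    # ACL names that an access-group statement binds to this interface.
    bound = {m.group(1) for m in map(GROUP.match, lines) if m and m.group(2) == nameif}
    out, parent = [], None
    for line in lines:
        nested = line.startswith(" ")
        if not nested:
            parent = line
        nat = re.match(r"(?:nat|static|global) \(([^)]*)\)", line.strip())
        is_nat = bool(nat) and nameif in nat.group(1).split(",")
        acl = re.match(r"access-list (\S+) ", line)
        grp = GROUP.match(line)
        if is_nat and nested and parent not in out:
            out.append(parent)  # object NAT: keep the enclosing "object network" line
        if is_nat or (acl and acl.group(1) in bound) or (grp and grp.group(2) == nameif):
            out.append(line)
    return out

def missing_after(saved_rules, new_config_text):
    """Saved rule lines that do not appear in the config captured after the move."""
    present = {l.rstrip() for l in new_config_text.splitlines()}
    return [l for l in saved_rules if l.rstrip() not in present]
```

A non-empty result from `missing_after` is the list of lines still to be reapplied; a missing `access-group` line means the interface is running without its ACL.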