Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2384
Views
0
Helpful
2
Replies

Multiple ACL entries in ASA with same Line number

Go to solution
Harmeet Singh
Level 1
Level 1

‎02-26-2017 01:04 AM - edited ‎03-12-2019 01:58 AM

Hi All,

Is it possible to add multiple ACL entries is ASA with same line number?

When we use NAME instead of line number in conf command then how the asa decide to assign a number to that entry? Can the firewall assign same number to multiple entries?

My ASA 5550 configuration is:

ciscoasa/admin# sh running-config | in ACL-OUTSIDE


access-list ACL-OUTSIDE extended permit ip host X.X.X.X any
access-list ACL-OUTSIDE extended permit ip host Y.Y.Y.Y any
access-list ACL-OUTSIDE extended permit ip host Z.Z.Z.Z any


ciscoasa/admin# sh access-list ACL-OUTSIDE


access-list ACL-OUTSIDE; 3 elements
access-list ACL-OUTSIDE line 9 extended permit ip host X.X.X.X any (hitcnt=25924815) 0x75077dcb
access-list ACL-OUTSIDE line 9 extended permit ip host Y.Y.Y.Y any (hitcnt=14691856) 0x75077dcb
access-list ACL-OUTSIDE line 9 extended permit ip host Z.Z.Z.Z any (hitcnt=58014597) 0x75077dcb

I just picked three entries for example only out of 3149 entries and hide their IPs.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎02-26-2017 02:59 AM

You can not configure multiple ACEs to have the same line number. The configured lines are just numbered 1..x. If you add a new ACE with a line number, this new ACE is added at the given position and all ACEs are shifted down one position.

But each configured ACE can result in multiple lines that are effectively used when the ACE uses objects or object-groups. That is what you see in your example.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎02-26-2017 02:59 AM

You can not configure multiple ACEs to have the same line number. The configured lines are just numbered 1..x. If you add a new ACE with a line number, this new ACE is added at the given position and all ACEs are shifted down one position.

But each configured ACE can result in multiple lines that are effectively used when the ACE uses objects or object-groups. That is what you see in your example.

0 Helpful

Go to solution
Harmeet Singh
Level 1
Level 1
In response to Karsten Iwen

‎03-18-2017 02:32 AM

Thanks Karsten Iwen.

Multiple ACE are with same line number because these are from same object group.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card