Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4443
Views
0
Helpful
6
Replies

remove one line of access-list

pslavkovsky
Level 1
Level 1

‎06-03-2004 11:42 PM - edited ‎02-20-2020 09:24 PM

Hi,

I have one easy question.

I have in PIX configuration 25 lines of access-list.

I need remove one line of access-list.

Do I lose whole access list when I remove one line like on router access list ?

Thanks

Peter

Labels:
0 Helpful
6 Replies 6

jmia
Level 7
Level 7

‎06-04-2004 12:26 AM

Peter

I presume you are talking about editing ACLs on the pix firewall and not cisco router?

If you want to edit the ACL on your pix then do the following,

1. Log on to the pix using either HyperTerminal/telnet or console port.

2. Copy the required ACLs (inside or outside) make sure to copy the access-group ACL that corresponds to your required ACL (access-group in interface inside or access-group in interface outside).

3. Open up text editor (notepad) on your local PC/Notebook and paste the copied ACLs, type no access-list as the first line on your copied ACLs i.e. on top of your copied ACLs.

4. Now edit your ACLs as required, i.e. takeout the ACL that you don't need.

5. Back on the pix in configuration mode paste back the edited ACLs.

6. Issue command write mem on the pix to save and also issue command clear xlate.

If you have PDM running on the pix then you can delete the required ACL without having to use the above steps.

Hope this helps

Jay

0 Helpful

jonathanstevens
Level 1
Level 1
In response to jmia

‎06-04-2004 12:36 AM

That's exactly how I would do it too.

Incidentally, I tend to keep copies of the latest scripts for such changes, which makes corrections, optimisations and changes very much easier.

0 Helpful

pslavkovsky
Level 1
Level 1
In response to jonathanstevens

‎06-04-2004 12:53 AM

OK,

but when I paste edited text, the first line is "no access-list "

and second line is "access-list "

So I first remove access list and then I put new ACL.

And time between this steps?

I do not lose created connections? I have about 18000 connections created.

Peter

0 Helpful

jmia
Level 7
Level 7
In response to pslavkovsky

‎06-04-2004 01:13 AM

Peter

On your notepad just place no access-list and then your copied ACLs i.e.

no access-list inside

access-list inside permit tcp host any eq www

"

"

"

access-group inside in interface inside

Now paste back on to the pix in config mode and then save with write mem and aslo issue clear xlate, and you should be done! You need to clear translations so that your modified ACLs start to take effect.

Jay

0 Helpful

pslavkovsky
Level 1
Level 1
In response to jmia

‎06-04-2004 05:37 AM

Hi,

I got answer from one man of Cisco Systems that is possible to remove 1 line by just putting "no" infront of whole line.

Peter

0 Helpful

khotaling
Level 1
Level 1
In response to pslavkovsky

‎06-04-2004 05:53 AM

yes you can remove 1 line by typing no in front of your acl command.

0 Helpful
Customers Also Viewed These Support Documents