Solved

delete access rule cisco asa

Posted on 2012-08-30
Last Modified: 2012-09-10
I have an access rule under the outside interface I'd like to delete using the CLI. How can I do it? Thanks.
Question by:tolinrome

Expert Comment

by:pony10us
ID: 38352291
To remove a line using the CLI on a Cisco device you need to be in config -t mode and type the line with a preceding "no" (without the quotes).

Example:

no ip access-list extended Accounting_VLAN_Access

Author Comment

by:tolinrome
ID: 38352345
So what would my command look like?
"no ip access-list extended example.domain.com description example.domain"

It's a little confusing to me since when I do a sh run on the ASA I see a few entries for this destination\hostname. For ex:

name 75.158.x.x example.domain.com description example.domain

then:

access-list outside_access_in line 33 extended permit object-group TCPUDP any host 75.158.x.x eq www 0x3ec69408
  access-list outside_access_in line 33 extended permit udp any host 75.158.x.x eq www (hitcnt=0) 0xad4b33ed
  access-list outside_access_in line 33 extended permit tcp any host 75.158.x.x eq www (hitcnt=298) 0xa974ba2e

then:

access-list outside_access_in extended permit object-group TCPUDP any host 75.158.x.x eq www

then:

asdm location 75.158.x.x 255.255.255.255 inside

then:

static (inside,outside) 75.158.x.x  access-list inside_nat_static_13

Accepted Solution

by:
pony10us earned 600 total points
ID: 38352369
You can enter each line individually from the bottom to the top, preceding each with a "no", or you could create a text file with all lines preceded with a "no" and then copy/paste the entire list at the prompt.

no access-list outside_access_in line 33 extended permit object-group TCPUDP any host 75.158.x.x eq www
no access-list outside_access_in line 33 extended permit udp any host 75.158.x.x eq www
no access-list outside_access_in line 33 extended permit tcp any host 75.158.x.x eq www
no access-list outside_access_in extended permit object-group TCPUDP any host 75.158.x.x eq www
no asdm location 75.158.x.x 255.255.255.255 inside
no static (inside,outside) 75.158.x.x  access-list inside_nat_static_13

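An added example, not part of the thread or the accepted answer: a Python helper that builds the paste-ready list of `no` commands the accepted answer describes, from the lines quoted in the question. It assumes the indented `(hitcnt=...)` lines, the `line 33` position and the trailing hex values are `show access-list` display output rather than configuration entries; the name `removal_commands` is hypothetical.

```python
import re

# Lines as quoted in the thread (address already masked by the poster).
SAMPLE = """\
access-list outside_access_in line 33 extended permit object-group TCPUDP any host 75.158.x.x eq www 0x3ec69408
  access-list outside_access_in line 33 extended permit udp any host 75.158.x.x eq www (hitcnt=0) 0xad4b33ed
  access-list outside_access_in line 33 extended permit tcp any host 75.158.x.x eq www (hitcnt=298) 0xa974ba2e
access-list outside_access_in extended permit object-group TCPUDP any host 75.158.x.x eq www
asdm location 75.158.x.x 255.255.255.255 inside
static (inside,outside) 75.158.x.x  access-list inside_nat_static_13
"""


def removal_commands(pasted):
    """Return 'no ...' commands, last pasted entry first, without duplicates."""
    entries = []
    for raw in pasted.splitlines():
        if not raw.strip():
            continue
        # Assumption: an indented line carrying a hit counter is an expansion
        # of the object-group entry above it, not a separate config line.
        if raw[0].isspace() and "(hitcnt=" in raw:
            continue
        line = re.sub(r"\s+\(hitcnt=\d+\)", "", raw.strip())
        # Drop the trailing hex value shown by "show access-list".
        line = re.sub(r"\s+0x[0-9a-fA-F]+$", "", line)
        # Drop the "line N" position so the entry matches the config form.
        line = re.sub(r"^(access-list \S+) line \d+ ", r"\1 ", line)
        line = re.sub(r"\s+", " ", line)
        # The same entry can appear in both outputs; keep one copy.
        if line not in entries:
            entries.append(line)
    # Bottom to top, as the accepted answer suggests.
    return ["no " + entry for entry in reversed(entries)]


if __name__ == "__main__":
    print("\n".join(removal_commands(SAMPLE)))
```

Compare the generated list with `show running-config` before pasting it in configuration mode.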
