  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2068

delete access and nat rule asa 5520

Using the CLI, how can I delete an access and NAT rule pertaining to a certain name\IP address? This is what I found in the show config on the ASA with everything pertaining to that IP that I want to delete:

name 75.111.122.303 vault2010_outside description Created for Exchange 2010 for access to archived email

access-list outside_access_in extended permit tcp any host 75.111.122.303 object-group vault_tcp

asdm location 75.111.122.303 255.255.255.255 inside

static (inside,outside) 75.111.122.303  access-list inside_nat_static_11
0
Asked by: tolinrome
2 Solutions
 
Sepist Commented:
You can place a "no" in front of each of those in config mode to remove them from the running configuration.
0
 
tolinrome (Author) Commented:
What do each of those commands represent? The 2nd one is an access list, it seems; the first one idk; the third, asdm location???? And the last one?
0
 
Sepist Commented:
name 75.111.122.303 vault2010_outside <-- Just a name/IP conversion so that you can reference the name when adding it to access-lists

asdm location 75.111.122.303 255.255.255.255 inside <-- permitting 75.111.122.303 to access ASDM from the inside interface

static (inside,outside) 75.111.122.303  access-list inside_nat_static_11  <-- This is a policy-nat, basically any traffic that matches access-list inside_nat_static_11 will be natted to the external IP of 75.111.122.303 when going out to the internet.
0

 
Ernie Beek Commented:
Most of them you can remove by putting a no in front of the line. Only be careful with the ACL, you could delete the whole thing. If you know what line it is in the ACL (1st, 2nd) you could use:

no access-list outside_access_in line 5 extended permit tcp any host 75.111.122.303 object-group vault_tcp

Assuming it is on line 5.
0
 
Ernie Beek Commented:
Ok, two extra comments. Typing too slow again I see ;)
0
 
Ernie Beek Commented:
And BTW,
asdm location 75.111.122.303 255.255.255.255 inside <-- permitting 75.111.122.303 to access ASDM from the inside interface

asdm location is NOT for permitting ASDM access, that's what the http commands are for. asdm location is added to the running configuration by ASDM, which uses it for internal communication.
0
 
Sepist Commented:
Ah, thanks for the correction. I don't use ASDM and thought it was similar to the ssh command.
0
 
Ernie Beek Commented:
Ah well, it can be quite misguiding at times :)
0
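Added example (not code from any poster in this thread): a small Python helper that builds the "no" commands discussed above for one address. It also finds lines that use the address's alias from a "name" line, negates the complete access-list entry rather than only the ACL name, and notes when an ACL would be left empty or unreferenced. The function name, the two extra sample ACL lines, and the choice to remove the "name" line last are assumptions of this example.

```python
# Constructed sample: the four lines from the question plus two invented
# neighbouring ACL entries (192.0.2.10 and 10.0.0.5 are made up).
SAMPLE_CONFIG = """\
name 75.111.122.303 vault2010_outside description Created for Exchange 2010 for access to archived email
access-list outside_access_in extended permit tcp any host 192.0.2.10 eq smtp
access-list outside_access_in extended permit tcp any host 75.111.122.303 object-group vault_tcp
access-list inside_nat_static_11 extended permit ip host 10.0.0.5 any
asdm location 75.111.122.303 255.255.255.255 inside
static (inside,outside) 75.111.122.303  access-list inside_nat_static_11
"""


def plan_removal(config, ip):
    """Return (commands, notes) for removing every line that references ip."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    # A "name <ip> <alias>" line means other lines may use the alias instead.
    aliases = {l.split()[2] for l in lines
               if l.startswith("name ") and len(l.split()) > 2 and l.split()[1] == ip}
    targets = {ip} | aliases
    hits = [l for l in lines if targets & set(l.split())]
    keep = [l for l in lines if l not in hits]
    # References first, the name definition last (ordering chosen by this example).
    hits.sort(key=lambda l: l.startswith("name "))
    commands, notes = [], []
    for l in hits:
        tok = l.split()
        # Always negate the complete line, never just "no access-list <name>".
        commands.append("no " + l)
        if tok[0] == "access-list" and not any(
                k.startswith(f"access-list {tok[1]} ") for k in keep):
            notes.append(f"{tok[1]}: this is its last entry, the ACL will be gone")
        elif "access-list" in tok[1:-1]:
            acl = tok[tok.index("access-list", 1) + 1]
            # An ACL only referenced by the removed line is left behind unused.
            if not any(acl in k.split() and not k.startswith(f"access-list {acl} ")
                       for k in keep):
                notes.append(f"{acl}: no longer referenced, review it separately")
    return commands, notes


if __name__ == "__main__":
    cmds, notes = plan_removal(SAMPLE_CONFIG, "75.111.122.303")
    print("\n".join(cmds))
    print("\n".join("! " + n for n in notes))
```

Review the generated lines against the running configuration before pasting them in config mode; the notes are hints for follow-up, not commands.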
