• Status: Solved

delete access and nat rule asa 5520

Using the CLI, how can I delete an access and NAT rule pertaining to a certain name\IP address? This is what I found in the show config on the ASA with everything pertaining to that IP that I want to delete:

name 75.111.122.303 vault2010_outside description Created for Exchange 2010 for access to archived email

access-list outside_access_in extended permit tcp any host 75.111.122.303 object-group vault_tcp

asdm location 75.111.122.303 255.255.255.255 inside

static (inside,outside) 75.111.122.303  access-list inside_nat_static_11
Asked by: tolinrome
 
Sepist Commented:
You can place a "no" in front of each of those in config mode to remove them from the running configuration.
 
tolinrome (Author) Commented:
What does each of those commands represent? The 2nd one is an access list, it seems; the first one, idk; the third, asdm location???? And the last one?
 
Sepist Commented:
name 75.111.122.303 vault2010_outside <-- Just a name/IP conversion so that you can reference the name when adding it to access-lists

asdm location 75.111.122.303 255.255.255.255 inside <-- permitting 75.111.122.303 to access ASDM from the inside interface

static (inside,outside) 75.111.122.303  access-list inside_nat_static_11  <-- This is a policy-nat, basically any traffic that matches access-list inside_nat_static_11 will be natted to the external IP of 75.111.122.303 when going out to the internet.
 
Ernie Beek (Expert) Commented:
Most of them you can remove by putting a no in front of the line. Only be careful with the ACL, you could delete the whole thing. If you know what line it is in the ACL (1st, 2nd) you could use:

no access-list outside_access_in line 5 extended permit tcp any host 75.111.122.303 object-group vault_tcp

Assuming it is on line 5.
 
Ernie Beek (Expert) Commented:
Ok, two extra comments. Typing too slow again I see ;)
 
Ernie Beek (Expert) Commented:
And BTW,
asdm location 75.111.122.303 255.255.255.255 inside <-- permitting 75.111.122.303 to access ASDM from the inside interface

asdm location is NOT for permitting ASDM access, that's what the http commands are for. asdm location is added to the running configuration by ASDM, which uses it for internal communication.
 
Sepist Commented:
Ah, thanks for the correction. I don't use ASDM and thought it was similar to the ssh command.
 
Ernie Beek (Expert) Commented:
Ah well, it can be quite misguiding at times :)
Question has a verified solution.
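
An added example, not part of the original thread or any poster's code: a Python helper that finds every line of a saved configuration referencing an address or its "name" alias and builds the matching "no" commands, listing the alias definition last. The sample configuration is constructed from the lines in the question; the 10.0.0.x hosts, the "names" line and the alias on the static line are assumptions for illustration.

```python
# Added example: build the "no ..." commands for every line of a saved
# ASA configuration that mentions an address or its "name" alias.

# Constructed sample based on the lines in the question. The 10.0.0.x hosts
# and the alias on the static line are assumptions added for illustration.
# 75.111.122.303 is the thread's placeholder and is handled as plain text.
SAMPLE_CONFIG = """\
names
name 75.111.122.303 vault2010_outside description Created for Exchange 2010
access-list outside_access_in extended permit tcp any host 75.111.122.303 object-group vault_tcp
access-list outside_access_in extended permit tcp any host 10.0.0.5 eq 443
access-list inside_nat_static_11 extended permit ip host 10.0.0.9 any
asdm location 75.111.122.303 255.255.255.255 inside
static (inside,outside) vault2010_outside  access-list inside_nat_static_11
"""


def removal_plan(config, ip):
    """Return (commands, acls_to_review) for lines that reference ip."""
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]
    # "name <ip> <alias>" lets other lines show the alias instead of the IP,
    # so a search for the address alone can miss them.
    targets = {ip}
    for tok in lines:
        if tok[0] == "name" and len(tok) >= 3 and tok[1] == ip:
            targets.add(tok[2])
    refs, names, acls_to_review = [], [], []
    for tok in lines:
        # Whole-token match: 75.111.122.30 must not match 75.111.122.303.
        if not targets.intersection(tok):
            continue
        cmd = "no " + " ".join(tok)
        (names if tok[0] == "name" else refs).append(cmd)
        # A policy-NAT static names an ACL that is left behind afterwards.
        if tok[0] == "static" and "access-list" in tok[:-1]:
            acls_to_review.append(tok[tok.index("access-list") + 1])
    # This example's ordering choice: drop the alias definition last.
    return refs + names, acls_to_review


if __name__ == "__main__":
    commands, acls = removal_plan(SAMPLE_CONFIG, "75.111.122.303")
    print("\n".join(commands))
    print("Review for leftover entries:", ", ".join(acls))
```

The generated commands are meant to be read and checked against the running configuration before anything is pasted into config mode.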