Remove ACL from ACE(object-group)

Unanswered Question
Nov 27th, 2007
User Badges:


I need to remove only an ACL entry from ACE which i created by adding network object in object-group.....i am not able to do same because all ACL having same line no. and ACL name.

#access-list acl-in line 120 extended permit tcp object-group xxx-xxx-xxx host x.x.x.x eq xxxx

access-list acl-in line 120 extended permit tcp host x.x.x.x host x.x.x.x eq xxx

any idea to remove........

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
arif786 Tue, 11/27/2007 - 05:53
User Badges:

why can't u copy that exact statement, and go for?


srue Tue, 11/27/2007 - 06:01
User Badges:
  • Blue, 1500 points or more

you have to remove it from the object-group. you can't selectively allow only parts of an object group in an ACL.

amit.secure1 Tue, 11/27/2007 - 06:05
User Badges:

I can't remove from object-group because i allow traffic of same source>>>>diffrent destination ip and port.......

if i will remove from object then all acl will be remove for that ip from object-group and other servers will be out of customer access.....

amit.secure1 Tue, 11/27/2007 - 06:01
User Badges:

I tried same but not able to do so, getting below error...

Specified access-list does not exist

srue Tue, 11/27/2007 - 07:13
User Badges:
  • Blue, 1500 points or more

use two different object groups then.

amit.secure1 Tue, 11/27/2007 - 07:16
User Badges:

i having so many acl with same configuration in diffrent object group so it's very tuff to remove from object-group then add acl in another object-group....


This Discussion