ASA 7.1 Access-list resequence

Answered Question
Jul 29th, 2010

Hi all,

     I am having difficulty finding the commands to enable me to resequence an access-list on an ASA 5550. My access list now looks like this:

access-list Outside_access_in line 1 extended permit udp *********
access-list Outside_access_in line 1 extended permit udp *********
access-list Outside_access_in line 1 extended permit udp *********
access-list Outside_access_in line 2 extended permit tcp *********
access-list Outside_access_in line 2 extended permit tcp *********
access-list Outside_access_in line 2 extended permit tcp *********
access-list Outside_access_in line 3 extended permit ip *********
access-list Outside_access_in line 3 extended permit ip *********
access-list Outside_access_in line 3 extended permit ip *********
access-list Outside_access_in line 4 extended permit ip *********
access-list Outside_access_in line 5 extended permit udp *********
access-list Outside_access_in line 6 extended permit udp *********
access-list Outside_access_in line 7 extended permit udp *********
access-list Outside_access_in line 8 extended permit ip *********
access-list Outside_access_in line 9 extended permit ip *********
access-list Outside_access_in line 10 extended permit udp *********
access-list Outside_access_in line 11 extended permit icmp *********
access-list Outside_access_in line 12 extended deny ip any any (hitcnt=319552) 0xd80e9958

Can anyone help me with this?

Many Thanks

Mark

Correct Answer by Jennifer Halim about 3 years 8 months ago

Unfortunately there is no resequence feature on ASA.

Jennifer Halim Thu, 07/29/2010 - 04:22

What do you mean by resequence the ACL?

Here is what you can actually do: for example if you would like to move line 10 to line 2, you would do the following:

no access-list Outside_access_in line 10 extended permit udp *********

access-list Outside_access_in line 2 extended permit udp *********

Basically, it will remove line 10, and slot line 10 that you just removed into line 2. Unfortunately you have to remove that line of ACL and configure it back on the line number that you wish. There is no moving from line# blah to line# blah feature unfortunately.

Hope that helps.
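
The remove-and-reinsert procedure from the answer above, as an added example (not part of the original thread and not Cisco code): a Python helper that reads `show access-list` output and emits the two commands for a move, together with the rule order that results. The sample output and its addresses are constructed, and the helper assumes that repeated line numbers are expansions of the first entry carrying that number.

```python
import re

# Constructed sample in the style of `show access-list` output; the addresses
# are documentation ranges, not values from the thread.
SAMPLE = """\
access-list Outside_access_in line 1 extended permit udp object-group DNS_SRC any eq domain
  access-list Outside_access_in line 1 extended permit udp host 192.0.2.10 any eq domain (hitcnt=4) 0x11111111
  access-list Outside_access_in line 1 extended permit udp host 192.0.2.11 any eq domain (hitcnt=0) 0x22222222
access-list Outside_access_in line 2 extended permit tcp any host 198.51.100.5 eq www (hitcnt=90) 0x33333333
access-list Outside_access_in line 3 extended permit udp any host 198.51.100.6 eq ntp (hitcnt=7) 0x44444444
access-list Outside_access_in line 4 extended deny ip any any (hitcnt=319552) 0x55555555
"""

# name, line number, rule text; the hit counter and hash suffix are dropped.
ACE = re.compile(r"^\s*access-list (\S+) line (\d+) (.*?)"
                 r"(?: \(hitcnt=\d+\))?(?: 0x[0-9a-fA-F]+)?\s*$")

def parse(show_output):
    """Return (acl_name, rules) with one rule per configured line.
    Assumption: later entries repeating a line number are expansions, so skip them."""
    name, rules = None, {}
    for text in show_output.splitlines():
        m = ACE.match(text)
        if m:
            name = m.group(1)
            rules.setdefault(int(m.group(2)), m.group(3))
    return name, [rules[n] for n in sorted(rules)]

def move(show_output, src, dst):
    """Commands that move line src to line dst, plus the resulting rule order."""
    name, rules = parse(show_output)
    rule = rules.pop(src - 1)      # the "no" form removes it; later lines shift up
    rules.insert(dst - 1, rule)    # "line dst" inserts at that position
    cmds = [f"no access-list {name} line {src} {rule}",
            f"access-list {name} line {dst} {rule}"]
    return cmds, rules

if __name__ == "__main__":
    cmds, order = move(SAMPLE, 3, 1)
    print("\n".join(cmds))
    for n, rule in enumerate(order, 1):
        print(n, rule)
```

Between the two generated commands the rule is absent from the ACL, so enter them back to back and compare the result with the printed order.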

markeelen Thu, 07/29/2010 - 04:35

Hi Halijenn,

     On the Router platform you can issue the command ip access-list resequence access-list Outside_access_in and the access-list is resequenced line 10, 20, 30 etc, without manually moving all of the statements. I was hoping there would be a similar command on the ASA platform to save any "finger trouble".

Many Thanks

Cheers

Mark

markeelen Thu, 07/29/2010 - 05:06

Hi Halijenn,

     Many Thanks, I will manually do this. Thanks for your assistance.

Kind Regards

Mark

This Discussion

Posted July 29, 2010 at 3:28 AM
Tags: asa_5500, asa_7.x