Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14420
Views
0
Helpful
2
Replies

Inactive ACL in ASA

Go to solution
mahesh18
Level 6
Level 6

‎10-10-2013 10:46 AM - edited ‎03-11-2019 07:50 PM

                   Hi Everyone,

On ASDM  i see few ACL that are greyed out and have line on them.

On CLI i see those ACL  with  inactive at then end.

Need to confirm why these ACL have inactive at then end?

Why they are greyed out in ASDM ?

Regards

MAhesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎10-10-2013 10:51 AM

Hi Mahesh,

Essentially the "inactive" means that the rule is configured on the ASA but its disabled and isnt used.

This is for example situation where you dont want to remove the ACL rule but just want to temporarily disable it.

The rule being greyed out in the ASDM means the same. Its present in the configurations but is disabled so the ASA should consider this rule when traffic is coming through the ASA.

I have not really configured any ACL rules as "inactive" myself. I tend to remove them completely and re-enter something if there is a need.

Here is the explanation of the parameter "inactive" from the ASA Command Reference

inactive      (Optional)    Disables an ACE. To reenable it, enter the entire ACE without
                                   the inactive keyword. This feature lets you keep a record of an inactive
                                   ACE in your configuration to make reenabling easier.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎10-10-2013 10:51 AM

Hi Mahesh,

Essentially the "inactive" means that the rule is configured on the ASA but its disabled and isnt used.

This is for example situation where you dont want to remove the ACL rule but just want to temporarily disable it.

The rule being greyed out in the ASDM means the same. Its present in the configurations but is disabled so the ASA should consider this rule when traffic is coming through the ASA.

I have not really configured any ACL rules as "inactive" myself. I tend to remove them completely and re-enter something if there is a need.

Here is the explanation of the parameter "inactive" from the ASA Command Reference

inactive      (Optional)    Disables an ACE. To reenable it, enter the entire ACE without
                                   the inactive keyword. This feature lets you keep a record of an inactive
                                   ACE in your configuration to make reenabling easier.

- Jouni

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Jouni Forss

‎10-10-2013 07:56 PM

Many thanks Jonui

MAhesh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card