LMS compliance check on all access lists

Jtown_5454
Level 1

Hello, I am trying to create a compliance template in LMS 3.2.1 to check ALL extended access lists for an explicit deny any any rule. I found articles on how to check all interfaces including VLANs but cannot seem to make it work for access lists. BTW, the access lists are not all named the same on all devices, therefore I need to use wildcards for the name.

Thanks.


m.kafka
Level 4

If you use the "ip access-list extended ...." syntax you can check:

in config mode:

ip access-list extended [#.*#]

for:

+deny any any

I don't see a possibility for the "classic" syntax like:

ip access-list 199 permit ...

ip access-list 199 deny any any


I forgot to mention that I am running this against Cisco ASA devices, which display like this:

access-list TEST_ACL extended deny ip any any

I have tried:

access-list [#.*#] extended deny ip any any

but it returns all as compliant because it is stopping at the first access-list it finds with the explicit deny ip any any command and not continuing on to check all the other access lists.

Any ideas?

Sorry, as I wrote: for that I can't think of any solution for the syntax

access-list [name] extended [permit|deny] ...

Extended Regex can reference Match strings, so theoretically you could use the match for .* and use the value (which is the name of the access-list) for further matching, but I can't imagine a way to use this possibility here...

Regards,

MiKa
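The check the thread is after (every ASA extended ACL, whatever its name, must end in an explicit deny ip any any) is straightforward once ACEs are grouped by ACL name first and the last entry of each group is tested, which is exactly what a single-pass regex over the whole config cannot do. The script below is an added example, not part of the thread or of LMS; the configuration fragment is constructed, and it also accepts the any4/any6 keywords of newer ASA releases.

```python
import re
from collections import OrderedDict

# Constructed sample ASA configuration fragment (not from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
access-list DMZ_OUT extended permit udp 192.0.2.0 255.255.255.0 any eq 53
access-list DMZ_OUT extended permit tcp any any eq 80
access-list INSIDE_IN extended permit ip any any
access-list INSIDE_IN extended deny ip any any log
"""

# One ASA extended ACE: access-list <name> extended <permit|deny> <rest>
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(.*)$")
# Explicit catch-all deny, optionally with logging; any4/any6 cover newer ASA syntax.
EXPLICIT_DENY_RE = re.compile(r"^deny\s+ip\s+any[46]?\s+any[46]?(\s+log\b.*)?$")


def collect_acls(config_text):
    """Group extended ACEs by ACL name, preserving the order seen on the device."""
    acls = OrderedDict()
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        name, action, rest = m.groups()
        acls.setdefault(name, []).append(f"{action} {rest}")
    return acls


def check_explicit_deny(config_text):
    """Return {acl_name: bool}; True when the ACL's *last* ACE is an explicit deny ip any any.

    Testing only the final ACE avoids the false positive from the thread, where a
    deny anywhere in the config made every ACL look compliant.
    """
    return {name: bool(EXPLICIT_DENY_RE.match(aces[-1]))
            for name, aces in collect_acls(config_text).items()}


def noncompliant_acls(config_text):
    """Names of ACLs that lack the trailing explicit deny, sorted for reporting."""
    return sorted(n for n, ok in check_explicit_deny(config_text).items() if not ok)


if __name__ == "__main__":
    for name, ok in check_explicit_deny(SAMPLE_CONFIG).items():
        print(f"{name}: {'compliant' if ok else 'NON-COMPLIANT'}")
```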