Cisco Support Community
Community Member

ASA Spring cleaning

Hello All:

 

Over the years, across multiple vendors and projects, considerable junk has accumulated in our ASA access rules, static routes, NAT entries and VPN tunnels. As usual, be it a contractor or staff, everyone is keen on adding statements but not on cleaning up!

 

Now I have the wonderful task of removing obsolete IPs, NAT, access and VPN entries.

 

I used SolarWinds FSM to run an analysis, but the results only harped, in an alarming manner, on the number of any-to-any entries. I was surprised myself, but they appear to be the last statements in a section, as a catch-all. Cisco ASA configs do not specify best practices to restrict "any to any" use. I am prudent enough not to remove them without research, and a safe step would be to disable them and see what happens?!

 

Any other less dramatic suggestions to test removal? (Sample attached)

 

All suggestions much appreciated.

 

Thx

SV

1 ACCEPTED SOLUTION

VIP Red

I tend to look at hit counts

I tend to look at hit counts to see if rules are being used or not, which of course you would need to run over a longer period of time. Then, when the rule still shows 0 hitcount after weeks, put it on non-active. After a longer period you can decide to delete the rule.

Probably the easiest way to clean up.

Please rate if useful.

Please remember to rate useful posts, by clicking on the stars below.
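
The hit-count check from the accepted reply, as an added example that is not part of the original thread or any Cisco tooling: it compares two saved `show access-list` outputs taken weeks apart and lists ACEs that had zero hits in both, which are the candidates for setting inactive. The function names and the two snapshots are constructed for illustration, and the comparison assumes the counters were not reset (reload or cleared counters) between captures, which `counters_reset` checks for.

```python
import re

# One ACE line of ASA "show access-list" output, e.g.
#   access-list outside_in line 4 extended permit ip any any (hitcnt=88) 0x4d5e6f70
ACE_RE = re.compile(
    r"^\s*access-list (?P<acl>\S+) line (?P<line>\d+) (?P<rule>.+?) "
    r"\(hitcnt=(?P<hits>\d+)\)(?: \(inactive\))? (?P<hash>0x[0-9a-f]+)\s*$")

def parse_hitcounts(show_output):
    """Map (acl, ace_hash) -> (line, rule text, hit count)."""
    aces = {}
    for raw in show_output.splitlines():
        m = ACE_RE.match(raw)
        if m:  # header and remark lines carry no hitcnt and are skipped
            aces[(m["acl"], m["hash"])] = (int(m["line"]), m["rule"], int(m["hits"]))
    return aces

def unused_rules(older, newer):
    """ACEs present in both snapshots with zero hits in both."""
    old, new = parse_hitcounts(older), parse_hitcounts(newer)
    # Keyed on the ACE hash, so a rule is still matched if its line number moved.
    return sorted((key[0], line, rule)
                  for key, (line, rule, hits) in new.items()
                  if key in old and hits == 0 and old[key][2] == 0)

def counters_reset(older, newer):
    """True if any counter went backwards, so zero hits prove nothing."""
    old, new = parse_hitcounts(older), parse_hitcounts(newer)
    return any(k in old and v[2] < old[k][2] for k, v in new.items())

# Constructed sample snapshots (documentation addresses, made-up hashes).
SNAP_OLD = """\
access-list outside_in; 4 elements; name hash: 0x9f2c11aa
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=1523) 0x1a2b3c4d
access-list outside_in line 2 extended permit tcp host 198.51.100.7 host 192.0.2.20 eq ssh (hitcnt=0) 0x2b3c4d5e
access-list outside_in line 3 extended permit udp any host 192.0.2.30 eq domain (hitcnt=0) 0x3c4d5e6f
access-list outside_in line 4 extended permit ip any any (hitcnt=88) 0x4d5e6f70
"""
SNAP_NEW = (SNAP_OLD.replace("hitcnt=1523", "hitcnt=9871")
            .replace("eq domain (hitcnt=0)", "eq domain (hitcnt=12)")
            .replace("hitcnt=88", "hitcnt=140"))

if __name__ == "__main__":
    if counters_reset(SNAP_OLD, SNAP_NEW):
        print("counters went backwards; collect a fresh baseline first")
    for acl, line, rule in unused_rules(SNAP_OLD, SNAP_NEW):
        print(f"candidate to set inactive: {acl} line {line}: {rule}")
```

In the sample, line 3 had no hits in the first capture but 12 in the second, so only line 2 is reported; the any-to-any catch-all on line 4 is in use and needs its traffic identified before it can be tightened.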

Community Member

Thank you very much

Thank you very much. Appreciate the steps.

 

Regards

 

SV
