If you want to remove an access-list from a Cisco ASA Firewall then you’ll find out that removing it doesn’t work the same as on Cisco IOS routers or switches. Let me give you an example of creating an access-list and then try to remove it:
ASA1(config)# access-list MY_ACL permit ip any host 192.168.1.1 ASA1(config)# access-list MY_ACL permit ip any host 192.168.1.2 ASA1(config)# access-list MY_ACL permit ip any host 192.168.1.3
ASA1(config)# show access-list MY_ACL access-list MY_ACL; 3 elements; name hash: 0x88151b6c access-list MY_ACL line 1 extended permit ip any host 192.168.1.1 (hitcnt=0) 0x78efec90 access-list MY_ACL line 2 extended permit ip any host 192.168.1.2 (hitcnt=0) 0x74d90efe access-list MY_ACL line 3 extended permit ip any host 192.168.1.3 (hitcnt=0) 0xa4113df3
I just created a simple access-list with a couple of entries. Let’s try to delete it like you would on normal IOS:
ASA1(config)# no access-list MY_ACL ERROR: % Incomplete command
Using “no” in front of it doesn’t work…the ASA thinks that we want to remove a single entry, not delete the entire access-list. The following command will work:
Where is the command ?
Which one are you looking for?
clear configure access-list MY_ACL is to get rid of the access-list.
your command will remove all MY_ACL
what if I want to remove only one access list 192.168.1.2 and keep the other two?
please show how
If you want to remove a single statement, you can do it like this:
Let’s remove the middle statement:
ASA1(config)# no access-list MY_ACL extended permit ip any host 192.168.1.2
And verify our work:... Continue reading in our forum
You can see how to do this in the following Cisco documentation:
Note that the intent of the lesson is to show how the CLI differs from the more conventional IOS commands that we are used to. The ASDM method uses a GUI so there are no special configuration parameters there.
I hope this has been helpful!