Get Unlimited Access to 799 Cisco Lessons Now Get $1 Trial
You are here: Home » Cisco » ASA Firewall

Cisco ASA Remove Access-List

If you want to remove an access-list from a Cisco ASA Firewall then you’ll find out that removing it doesn’t work the same as on Cisco IOS routers or switches. Let me give you an example of creating an access-list and then try to remove it:

ASA1(config)# access-list MY_ACL permit ip any host 192.168.1.1
ASA1(config)# access-list MY_ACL permit ip any host 192.168.1.2
ASA1(config)# access-list MY_ACL permit ip any host 192.168.1.3
ASA1(config)# show access-list MY_ACL
access-list MY_ACL; 3 elements; name hash: 0x88151b6c
access-list MY_ACL line 1 extended permit ip any host 192.168.1.1 (hitcnt=0) 0x78efec90 
access-list MY_ACL line 2 extended permit ip any host 192.168.1.2 (hitcnt=0) 0x74d90efe 
access-list MY_ACL line 3 extended permit ip any host 192.168.1.3 (hitcnt=0) 0xa4113df3

I just created a simple access-list with a couple of entries. Let’s try to delete it like you would on normal IOS:

ASA1(config)# no access-list MY_ACL
ERROR: % Incomplete command

Using “no” in front of it doesn’t work…the ASA thinks that we want to remove a single entry, not delete the entire access-list. The following command will work:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 799 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

Give Membership a try - it's just $1 ►

581 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Where is the command ?

  2. Which one are you looking for?

    clear configure access-list MY_ACL is to get rid of the access-list.

  3. Hi Rene

    your command will remove all MY_ACL
    what if I want to remove only one access list 192.168.1.2 and keep the other two?
    please show how

    Thank you

  4. Hi Hoan,

    If you want to remove a single statement, you can do it like this:

    ASA1# show run access-list 
access-list MY_ACL extended permit ip any host 192.168.1.1 
access-list MY_ACL extended permit ip any host 192.168.1.2 
access-list MY_ACL extended permit ip any host 192.168.1.3

    Let’s remove the middle statement:

    ASA1(config)# no access-list MY_ACL extended permit ip any host 192.168.1.2

    And verify our work:

    ASA1# show run access-list                                         
access-list MY_ACL extended permit ip any host 192.168.1.1 
access-list MY_ACL exte
    ... Continue reading in our forum

1 more reply! Ask a question or join the discussion by visiting our Community Forum