How to Remove an Access-List on a Cisco ASA

If this is driving you crazy like it did me, here is how to remove an access-list from a Cisco ASA. Note that you have to execute these commands from global configuration mode.

Nothing fancy, but you would logically think that no access-list id would work. It doesn't; you have to use the clear configure access-list command, as I show below.

FW(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list ALLOW_ANY; 1 elements; name hash: 0x6bae7b21
access-list ALLOW_ANY line 1 extended permit ip any any (hitcnt=0) 0xb036be04
FW(config)# clear configure access-list ALLOW_ANY
FW(config)#

Sep 6th, 2011 • Posted in ASA, Data Plane Protection, Security