The Cisco ASA parses its configuration line by line, so the order of the configuration can be critical. When we need to add a line to the config it's almost always somewhere in the middle, so we have to insert it into the access-list by line number. To do so, go to an enable-mode session and use "sh access-list <ACL name>" to show the access list with its line numbers. So if the access list in question is called acl-dmz the command would be:
sh access-list acl-dmz
Looking at the lines, you figure out where you want the new line inserted, then go into configuration mode and preface the line with "access-list <ACL name> line <number> <command>". So if I want to allow traffic for a new external IP address in the acl-out access list at line 10 the command would be:
access-list acl-out line 10 extended permit tcp any host 192.168.0.1 eq www
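As an added example (not part of the original post, and not a Cisco tool), the following Python script parses "sh access-list" output, finds the trailing catch-all deny, and builds the insert command so the new permit lands in front of the deny instead of behind it, where it would never match. The sample output is constructed to follow the ASA's display format; the ACL name, hit counts and hash values are made up.

```python
import re

# Constructed sample of "sh access-list acl-out" output (not captured from a real ASA).
SAMPLE_SHOW_ACL = """\
access-list acl-out; 3 elements; name hash: 0x1b2c3d4e
access-list acl-out line 1 extended permit tcp any host 192.168.0.5 eq https (hitcnt=120) 0xaaaa0001
access-list acl-out line 2 extended permit tcp any host 192.168.0.6 eq smtp (hitcnt=7) 0xaaaa0002
access-list acl-out line 3 extended deny ip any any (hitcnt=999) 0xaaaa0003
"""

# One ACE line: "access-list <acl> line <n> <rule> (hitcnt=N) 0x<hash>"; hitcnt and hash are optional.
LINE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<num>\d+) (?P<rule>.+?)"
    r"(?: \(hitcnt=\d+\))?(?: 0x[0-9a-f]+)?$"
)

def parse_show_acl(text):
    """Return [(line_number, rule_text)] for every ACE in 'sh access-list' output."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((int(m.group("num")), m.group("rule")))
    return entries

def first_catch_all(entries):
    """Line number of the first 'deny ip any any' entry, or None if there is none."""
    for num, rule in entries:
        if re.search(r"\bdeny ip any any\b", rule):
            return num
    return None

def is_shadowed(entries, line):
    """True if inserting at 'line' would place the new ACE after the catch-all deny."""
    catch_all = first_catch_all(entries)
    return catch_all is not None and line > catch_all

def insert_command(acl, entries, rule, line=None):
    """Build 'access-list <acl> line <n> <rule>'.

    With no explicit line, use the catch-all's own number: the ASA inserts
    before the existing line N, so the deny shifts down and stays last.
    """
    if line is None:
        catch_all = first_catch_all(entries)
        line = catch_all if catch_all is not None else (entries[-1][0] + 1 if entries else 1)
    elif is_shadowed(entries, line):
        raise ValueError(f"line {line} is after the catch-all deny; the ACE would never match")
    return f"access-list {acl} line {line} {rule}"
```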