Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Network Configuration Manager (NCM) > NCM 7.7 Administrator Guide > Cisco ASA ACL rules > Manage Cisco ASA ACLs

Manage Cisco ASA ACLs

Created by Melanie Boyd, last modified by Melanie Boyd on Sep 26, 2017

Views: 86 Votes: 0 Revisions: 1

Use SolarWinds NCM to help you manage the access control lists (ACLs) for your Cisco ASA devices:

Display the ACLs on a Cisco ASA firewall

  1. Choose My Dashboards > Configuration Management.
  2. Double-click the name of a Cisco ASA node.

    The Node Details page opens.

  3. From the menu on the left, choose Access Lists.

    The Access Lists page lists the ACLs configured for that node. If the ACL has changed, click the arrow to display a list of previous versions.

    A a warning icon icon_warn.png indicates that the ACL contains overlapping rules. You can display the ACL rules to find out which rules overlap.

    ACL_rules.png

Compare ACLs

Use NCM to quickly locate the differences between ACLs or ACL versions. For example, you can compare two versions of the same ACL to verify that changes were implemented correctly. Or you can compare ACLs on different nodes to verify that the same rules are being applied on both devices.

Compare ACLs on the same node

  1. Display the list of ACLs on a Cisco ASA firewall.
  2. Select the ACLs or ACL versions to compare.

    To compare the current version to a previous version, expand the node to list previous versions.

  3. At the top of the page, click Compare ACL.

    The rules from both ACLs are displayed beside each other. The line number of rules with differences are highlighted.

Compare ACLs on different nodes

To compare ACLs on different nodes, first select two ACLs on the same node, and then change one of the ACLs being compared.

  1. Display the list of ACLs on one of the Cisco ASA firewalls.
  2. Select the ACL that you want to compare, and any other ACL on that node.

    You will change the second selection later.

  3. At the top of the page, click Compare ACL.

    The rules from both ACLs are displayed beside each other. The line number of rules with differences are highlighted.

  4. Change the second ACL to an ACL on a different node:
    1. Near the top of the page, click Change ACLs Compared.
    2. Select the node, interface, name, and version of the ACL you want to compare.
    3. Click Change.

Display ACL rules

When you display ACL rules, also known as Access Control Entries (ACEs), SolarWinds NCM identifies overlapping rules, which might require additional investigation.

  1. Display the list of ACLs on a Cisco ASA firewall.
  2. Click an ACL name.

    The rules (or ACEs) are listed on the Rules of This Access List page. The right column shows the number of hits, and a warning icon  indicates that the rule overlaps another rule.

  3. Filter or reorder the rules to help you find information.

    • To filter the rules, select the filter criteria in the left column.

      Click Edit Filter Properties to change the options available for filtering.

    • To order the rules by hit count instead of line number, open the drop-down menu above the rules and choose Hit count.

Investigate overlapping rules

  1. Display ACL rules.

  2. Point to warning icon  that identifies a rule that overlaps another rule.

    A message describes the issue.

    OverlappingRules.png

  3. Click Show the details.

    A dialog box displays the preceding rule(s) that shadow the rule or make it redundant.

Display information about objects or object groups

  1. Display ACL rules.

  2. If an object or object group is listed as the source or destination of a rule, click the name of an object or object group.

    Information about the current version of the object or object group is shown on the right.

  3. To view information about a previous version of the object or object group, select a version from the drop-down menu.

  4. To compare another version to the currently selected version, click Compare Diff and select the version.

 

Last modified

Tags

Classifications

Public