There are a few instances in which you'll have to do a chain of removals. For example, you might have a vpngroup that is no longer in use, but because it has a reference to an ip pool, the pix might not allow you to remove the ip pool without removing the vpngroup first.
In article , snipped-for-privacy@layer8group.com top-posted:
Please do not top-post. You should quote only the material you are replying to, and your replies should be mixed in with the specific sections you are commenting on. top-posting (posting your reply at the top) makes the conversation more difficult to follow, and when others go to follow up on your posting, they have to manually edit the form of what you wrote in order to regain some semblence of a conversation.
I see you are using googlegroups, so you might be thinking that the news interface looks like that for everyone, but that is very much not the case. The people that read a lot of news and answer a lot of questions often use text-based interfaces that are much more sophisticated than the googlegroups interface.
Re-arranging the technical discussion for readability:
You are incorrect. Individual lines of an access list can be deleted by re-entering them with a "no " prefix. That has been the case on every PIX OS version that has supported access-list at all (i.e., starting with PIX 5.0).
What you cannot do before PIX 6.3 is to -add- a line into the middle of an access-list; PIX 6.3 has a more advanced ACL editor that makes it possible.
It is true that if you accidently enter "no access-list NAME" with nothing further, that the entire access-list will be removed, but that doesn't preclude removing individual lines of an ACL via the "no " convention.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.