If you just add all your line numbers the same, it will automatically bump the one it's replacing up one.

I.e. say your permit ip any any is at line 4; if you just insert all your rules as line 4, you will find they bump each other up all the way to whatever line number you get to, with the original line 4 statement at the very end.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hitesh Vinzoda
Sent: Tuesday, 11 November 2008 4:54 PM
To: Cisco Mailing list
Subject: [c-nsp] FWSM Access-control lists

Dear All,

I'm having a production server subnet of around 150 servers (172.16.2.0/24) and all of them are sitting behind FWSM. Current ACL applied is permit ip any any. Now we have got the details of one server communicating on some ports, for that we are going to apply the ACL. I came to know about the line numbers in ACE but for me it's not working.

Say e.g. my LAN is untrusted (192.168.0.0/16):

access-list test line 1 extended permit ip 192.168.2.0 host 172.16.2.20 eq www
access-list test line 2 extended permit ip 192.168.2.0 host 172.16.2.20 eq smtp
access-list test line 3 extended permit ip 192.168.2.0 host 172.16.2.20 eq 445

Now any other traffic for that particular server will be denied:

access-list test line 500 extended permit ip any host 172.16.2.20
access-list test line 501 extended permit ip any any

The fascinating thing here is that when I issue the "sh access-list" command, it shows the line numbers for 500 and 501 as 4 & 5 respectively, i.e. anything added later is appended. I want to have ip any any at line 15000, which will be removed once all ACEs for each server are in place. FWSM is running 3.2. Any ideas about getting lines 500 & 501 fixed at their respective places?

Thanks in advance
Hitesh Vinzoda

_______________________________________________
cisco-nsp mailing list
cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
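The renumbering both messages describe is easy to get wrong on a live firewall, so here is an added example (not from the thread, and not FWSM code) that models the behaviour the two posters report: "access-list NAME line N ..." inserts at position N and pushes later ACEs down, a line number past the end simply appends, and lookups are first-match. The ACL names, addresses and ports are the ones from the thread; the model itself, its class names and the "implicit deny" at the end of the list are assumptions of this illustration.

```python
# Constructed model of FWSM ACE line-number behaviour, as described in the
# thread above. This is an illustration for reasoning about renumbering,
# not a reimplementation of the FWSM.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Ace:
    action: str            # "permit" or "deny"
    src: str               # CIDR, or "any"
    dst: str               # CIDR (a /32 renders as "host"), or "any"
    dport: Optional[int]   # destination port; None means any port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        def in_scope(spec: str, addr: str) -> bool:
            return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)
        return (in_scope(self.src, src_ip) and in_scope(self.dst, dst_ip)
                and (self.dport is None or self.dport == dport))

    def render(self) -> str:
        # Render in FWSM-style "network mask" / "host addr" form.
        def fmt(spec: str) -> str:
            if spec == "any":
                return "any"
            net = ip_network(spec, strict=False)
            if net.prefixlen == net.max_prefixlen:
                return f"host {net.network_address}"
            return f"{net.network_address} {net.netmask}"
        port = f" eq {self.dport}" if self.dport is not None else ""
        return f"{self.action} ip {fmt(self.src)} {fmt(self.dst)}{port}"


@dataclass
class AccessList:
    name: str
    aces: List[Ace] = field(default_factory=list)

    def add(self, line: int, ace: Ace) -> None:
        """Model of 'access-list NAME line LINE ...': insert at LINE, push the rest down.
        A line number past the end appends, which is why 'line 500' showed as line 4."""
        if line < 1:
            raise ValueError("line numbers start at 1")
        self.aces.insert(min(line - 1, len(self.aces)), ace)

    def show(self) -> List[str]:
        """Model of 'sh access-list': ACEs renumbered in evaluation order."""
        return [f"access-list {self.name} line {i} extended {a.render()}"
                for i, a in enumerate(self.aces, start=1)]

    def lookup(self, src_ip: str, dst_ip: str, dport: int) -> str:
        """First matching ACE wins; no match falls through to an assumed implicit deny."""
        for ace in self.aces:
            if ace.matches(src_ip, dst_ip, dport):
                return ace.action
        return "deny"


def build_original_poster_acl() -> AccessList:
    """The sequence from the original post: lines 1-3, then 'line 500' and 'line 501'."""
    acl = AccessList("test")
    acl.add(1, Ace("permit", "192.168.2.0/24", "172.16.2.20/32", 80))    # www
    acl.add(2, Ace("permit", "192.168.2.0/24", "172.16.2.20/32", 25))    # smtp
    acl.add(3, Ace("permit", "192.168.2.0/24", "172.16.2.20/32", 445))
    acl.add(500, Ace("permit", "any", "172.16.2.20/32", None))           # lands at line 4
    acl.add(501, Ace("permit", "any", "any", None))                      # lands at line 5
    return acl


def build_insert_at_same_line_acl() -> AccessList:
    """The reply's approach: keep inserting at the line that holds 'permit ip any any',
    so every new ACE pushes it down by one. Here that line is 1 instead of the
    reply's line 4, purely to keep the example short."""
    acl = AccessList("test")
    acl.add(1, Ace("permit", "any", "any", None))
    for port in (80, 25, 445):
        acl.add(1, Ace("permit", "192.168.2.0/24", "172.16.2.20/32", port))
    return acl


if __name__ == "__main__":
    for line in build_original_poster_acl().show():
        print(line)
    print()
    for line in build_insert_at_same_line_acl().show():
        print(line)
```

Two things the model makes visible before anything is typed into a production FWSM: inserting every rule at the same line number keeps the catch-all last, as the reply says, but the server rules end up in the reverse of the order they were typed, so "sh access-list" (here, show()) is worth reading back after the change; and lookup() lets you check what the resulting list actually does for a given flow, for example traffic to 172.16.2.20 on a port that is not in lines 1-3, before the permit ip any any is finally removed.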