Adding remarks to access lists – Cisco ASA 5505 User Manual
Page 422
 
19-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 19 Adding an IPv6 Access List
Configuring IPv6 Access Lists
To configure an IPv6 access list with ICMP, enter the following command:
Adding Remarks to Access Lists
You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard, 
and Webtype access lists. The remarks make the access list easier to understand.
To add a remark after the last access-list command you entered, enter the following command:
Example
You can add remarks before each ACE, and the remarks appear in the access list in these locations. 
Entering a dash (-) at the beginning of a remark helps set it apart from an ACE.
hostname(config)# access-list OUT remark - this is the inside admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT remark - this is the hr admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any
Command
Purpose
ipv6 access-list
id [line line-num] {deny
| permit} icmp6
{source-ipv6-prefix/prefix-length | any |
host
source-ipv6-address | object-group
network_obj_grp_id}
{destination-ipv6-prefix/prefix-length |
any
| host destination-ipv6-address |
object-group
network_obj_grp_id}
[icmp_type | object-group
icmp_type_obj_grp_id] [log [[level]
[interval secs] | disable | default]]
Example:
hostname(config)# ipv6 access list acl_grp
permit tcp any host
3001:1::203:AOFF:FED6:162D
Configures an IPv6 access list with ICMP.
The icmp6 keyword specifies that the access rule applies to ICMPv6 traffic 
passing through the ASA.
The icmp_type argument specifies the ICMP message type being filtered by 
the access rule. The value can be a valid ICMP type number from 0 to 255. 
(For a list of the permitted ICMP type literals, see the 
Limitations” section on page 19-2
The icmp_type_obj_grp_id option specifies the object group ICMP type 
ID.
For details about additional ipv6 access-list command parameters, see the 
preceding procedure for adding a regular IPv6 access list, or see the 
ipv6 access-list command in the Cisco Security Appliance Command 
Reference.
Command
Purpose
access-list
access_list_name remark text
Example:
hostname(config)# access-list OUT remark -
this is the inside admin address
Adds a remark after the last access-list command you entered.
The text can be up to 100 characters in length. You can enter leading spaces 
at the beginning of the text. Trailing spaces are ignored.
If you enter the remark before any access-list command, then the remark 
is the first line in the access list.
If you delete an access list using the no access-list access_list_name 
command, then all the remarks are also removed.