SSH to the Cisco ASA as normal and elevate your user level:
$en
Enter configuration mode:
$conf t
From here, do a show running-config to see what rules are on the ASA:
#sh ru
If you see rules that are not in the correct order, you can move them around. The ASA checks the rules in an access list from the top down and stops at the first match, so a deny rule placed below an allow-all rule never takes effect. For example, let's say you have a deny rule on line 5, but line 3 is an allow-all (any any) rule. We first have to delete the deny rule on line 5, then recreate it and give it a new line number:
#no access-list outside_access_in extended deny ip object-group DenyIP
#access-list outside_access_in line 2 extended deny ip object-group DenyIP
This creates the ACL entry and places it on line 2. Line 1 is usually the rule for support access. Just use the appropriate line number and make sure the deny rule is in place before any allow-all rules.
#wr mem
Do not forget to save your work!
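To check a whole config for this ordering problem before and after the change, the following added example (not part of the original write-up) scans access-list lines for deny rules that sit below an allow-all permit in the same ACL. The sample config, the addresses in it and the function name are constructed for illustration, and the reported positions assume each access-list line in the listing, remarks included, occupies one ASA line number.

```python
import re

# Constructed sample of access-list lines as they appear in a running config
# (not taken from a real device; addresses are documentation ranges).
SAMPLE_CONFIG = """\
access-list outside_access_in remark support access
access-list outside_access_in extended permit tcp host 192.0.2.10 any eq ssh
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any host 198.51.100.5 eq https
access-list outside_access_in extended deny ip object-group DenyIP any
access-list inside_access_in extended deny ip object-group DenyIP any
access-list inside_access_in extended permit ip any any
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(.+)$")
ALLOW_ALL = re.compile(r"^ip\s+any4?\s+any4?\b")  # "permit ip any any" style rule


def find_shadowed_denies(config_text):
    """Return (acl, deny_pos, allow_all_pos, rule) for every deny rule that
    comes after an allow-all permit in the same ACL and so can never match."""
    position = {}      # ACL name -> running count of its lines (assumed line number)
    allow_all_at = {}  # ACL name -> position of its first allow-all permit
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        parts = line.split()
        if len(parts) < 3 or parts[0] != "access-list":
            continue
        name = parts[1]
        position[name] = position.get(name, 0) + 1
        m = ACE.match(line)
        if not m:
            continue  # remark or other non-extended entry: counted, not evaluated
        action, rest = m.group(2), m.group(3)
        if action == "permit" and ALLOW_ALL.match(rest):
            allow_all_at.setdefault(name, position[name])
        elif action == "deny" and name in allow_all_at:
            findings.append((name, position[name], allow_all_at[name], line))
    return findings


if __name__ == "__main__":
    for acl, deny_pos, allow_pos, rule in find_shadowed_denies(SAMPLE_CONFIG):
        print(f"{acl}: deny on line {deny_pos} is below allow-all on line {allow_pos}")
        print(f"  {rule}")
```

An empty result after recreating the deny rule at a lower line number confirms that no deny rule is left behind an allow-all rule.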