Code removal from ASA

Does anyone know how to remove a line of code from an ASA that has ";amp&;amp" in it?
Let me explain;
An ipsec/ike tunnel was created thru the gui, then later removed (deleted) thru the gui.  When doing a sho run (CLI), I still see a reference to it, and want to clean it up.  I've tried to do a "no blah blah blah", but it does't like it (I get "specified remark does not exist"), I think because of the "html like" references in it.
The actual entry is:
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I've already tried:
no access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
and I get this in return:
Specified remark does not exist
Obviously it does exist :-), does anyone know how to remove it?
PMGITAsked:
Who is Participating?
 
grbladesCommented:
You will probably need to do 'no access-list OUTSIDE_1_cryptomap' and then repaste the access-list back in again without the remark.
0
 
Alan Huseyin KayahanCommented:
   Best way for removing that ACL is using GUI (ASDM or PDM) instead CLI. You can see that ACL there and simply click on it and delete
0
 
grbladesCommented:
I believe the author has already tried that but there is probably a problem due to & being the URL encoding for an & sign causing it not to delete it. You could delete the entire ACL from the GUI but its just as easy using the command line.
0
Live Q & A: Securing Your Wi-Fi for Summer Travel

Traveling this summer? Join us on June 18, 2018 for a live stream to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
PMGITAuthor Commented:
qrblades:
You are correct; I did already try this thru the gui with no luck *it wasn't actually listed within the gui, because I removed it, as mentioned* I also tried thru the cli with no luck.  I haden't tried only "'no access-list OUTSIDE_1_cryptomap", but I just did that too and no luck...
I press on ;-)...
0
 
Alan Huseyin KayahanCommented:
  Then here is a tricky one
       *Copy the config file of ASA (config.cfg) to a TFTP server. Take a backup of that copied file backconfig.cfg for example.
       *Now open the config.cfg with notepad. Now delete the line that contains the ACL.
       *Be careful, after you delete the line only, two rectangle boxes (that rectangle box means dash, if you try to copy it and paste here, it will make a space) one will stick to other, so you should delete one and respect the order(i will define them as e, cant draw it exactly :) ). Example

global (dmz) 1 interfaceeyoucorruptaclhereenat (inside) 1 0.0.0.0 0.0.0.0eaccess-group outside_access_in in interface outsidee

should be

global (dmz) 1 interfaceenat (inside) 1 0.0.0.0 0.0.0.0eaccess-group outside_access_in in interface outsidee

Regards

0
 
Alan Huseyin KayahanCommented:
  dont forget to copy that config back to ASA
0
 
Alan Huseyin KayahanCommented:
i used alt+3 (it draws heart normally but it typed e here, so I better use ^ for clearing out)

global (dmz) 1 interface^youcorruptaclhere^nat (inside) 1 0.0.0.0 0.0.0.0^access-group outside_access_in in interface outside^

should be

global (dmz) 1 interface^nat (inside) 1 0.0.0.0 0.0.0.0^access-group outside_access_in in interface outside^
0
 
PMGITAuthor Commented:
I figured it out, here's what I did...
I created a new acl thru the gui, with the name I had originally created -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I did this to see how it would be represented within the cli, and this is how it looked -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
the one in the cli that I could't remove looked like this -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I wanted to see what would actually create the "&" so I kept trying until I came up with
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS &&; WHISTLES
which created the same entry within the cli; I removed this acl thru the gui, and did a
no access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS &&; WHISTLES
which FINALLY removed it from the cli :-)
Since you both got me thinking in the right direction I am going to split the pts... Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.