?
Solved

Code removal from ASA

Posted on 2007-10-07
8
Medium Priority
?
392 Views
Last Modified: 2008-03-10
Does anyone know how to remove a line of code from an ASA that has ";amp&;amp" in it?
Let me explain;
An ipsec/ike tunnel was created thru the gui, then later removed (deleted) thru the gui.  When doing a sho run (CLI), I still see a reference to it, and want to clean it up.  I've tried to do a "no blah blah blah", but it does't like it (I get "specified remark does not exist"), I think because of the "html like" references in it.
The actual entry is:
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I've already tried:
no access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
and I get this in return:
Specified remark does not exist
Obviously it does exist :-), does anyone know how to remove it?
0
Comment
Question by:PMGIT
  • 4
  • 2
  • 2
8 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 750 total points
ID: 20030291
You will probably need to do 'no access-list OUTSIDE_1_cryptomap' and then repaste the access-list back in again without the remark.
0
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 750 total points
ID: 20030509
   Best way for removing that ACL is using GUI (ASDM or PDM) instead CLI. You can see that ACL there and simply click on it and delete
0
 
LVL 36

Expert Comment

by:grblades
ID: 20030619
I believe the author has already tried that but there is probably a problem due to & being the URL encoding for an & sign causing it not to delete it. You could delete the entire ACL from the GUI but its just as easy using the command line.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:PMGIT
ID: 20031296
qrblades:
You are correct; I did already try this thru the gui with no luck *it wasn't actually listed within the gui, because I removed it, as mentioned* I also tried thru the cli with no luck.  I haden't tried only "'no access-list OUTSIDE_1_cryptomap", but I just did that too and no luck...
I press on ;-)...
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20031845
  Then here is a tricky one
       *Copy the config file of ASA (config.cfg) to a TFTP server. Take a backup of that copied file backconfig.cfg for example.
       *Now open the config.cfg with notepad. Now delete the line that contains the ACL.
       *Be careful, after you delete the line only, two rectangle boxes (that rectangle box means dash, if you try to copy it and paste here, it will make a space) one will stick to other, so you should delete one and respect the order(i will define them as e, cant draw it exactly :) ). Example

global (dmz) 1 interfaceeyoucorruptaclhereenat (inside) 1 0.0.0.0 0.0.0.0eaccess-group outside_access_in in interface outsidee

should be

global (dmz) 1 interfaceenat (inside) 1 0.0.0.0 0.0.0.0eaccess-group outside_access_in in interface outsidee

Regards

0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20031846
  dont forget to copy that config back to ASA
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20031853
i used alt+3 (it draws heart normally but it typed e here, so I better use ^ for clearing out)

global (dmz) 1 interface^youcorruptaclhere^nat (inside) 1 0.0.0.0 0.0.0.0^access-group outside_access_in in interface outside^

should be

global (dmz) 1 interface^nat (inside) 1 0.0.0.0 0.0.0.0^access-group outside_access_in in interface outside^
0
 

Author Comment

by:PMGIT
ID: 20033920
I figured it out, here's what I did...
I created a new acl thru the gui, with the name I had originally created -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I did this to see how it would be represented within the cli, and this is how it looked -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
the one in the cli that I could't remove looked like this -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I wanted to see what would actually create the "&" so I kept trying until I came up with
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS &&; WHISTLES
which created the same entry within the cli; I removed this acl thru the gui, and did a
no access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS &&; WHISTLES
which FINALLY removed it from the cli :-)
Since you both got me thinking in the right direction I am going to split the pts... Thanks!
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month17 days, 13 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question