We help IT Professionals succeed at work.

Code removal from ASA

453 Views
Last Modified: 2008-03-10
Does anyone know how to remove a line of code from an ASA that has ";amp&;amp" in it?
Let me explain;
An ipsec/ike tunnel was created thru the gui, then later removed (deleted) thru the gui.  When doing a sho run (CLI), I still see a reference to it, and want to clean it up.  I've tried to do a "no blah blah blah", but it does't like it (I get "specified remark does not exist"), I think because of the "html like" references in it.
The actual entry is:
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I've already tried:
no access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
and I get this in return:
Specified remark does not exist
Obviously it does exist :-), does anyone know how to remove it?
Comment
Watch Question

CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Top Expert 2007
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
I believe the author has already tried that but there is probably a problem due to & being the URL encoding for an & sign causing it not to delete it. You could delete the entire ACL from the GUI but its just as easy using the command line.

Author

Commented:
qrblades:
You are correct; I did already try this thru the gui with no luck *it wasn't actually listed within the gui, because I removed it, as mentioned* I also tried thru the cli with no luck.  I haden't tried only "'no access-list OUTSIDE_1_cryptomap", but I just did that too and no luck...
I press on ;-)...
CERTIFIED EXPERT
Top Expert 2007

Commented:
  Then here is a tricky one
       *Copy the config file of ASA (config.cfg) to a TFTP server. Take a backup of that copied file backconfig.cfg for example.
       *Now open the config.cfg with notepad. Now delete the line that contains the ACL.
       *Be careful, after you delete the line only, two rectangle boxes (that rectangle box means dash, if you try to copy it and paste here, it will make a space) one will stick to other, so you should delete one and respect the order(i will define them as e, cant draw it exactly :) ). Example

global (dmz) 1 interfaceeyoucorruptaclhereenat (inside) 1 0.0.0.0 0.0.0.0eaccess-group outside_access_in in interface outsidee

should be

global (dmz) 1 interfaceenat (inside) 1 0.0.0.0 0.0.0.0eaccess-group outside_access_in in interface outsidee

Regards

CERTIFIED EXPERT
Top Expert 2007

Commented:
  dont forget to copy that config back to ASA
CERTIFIED EXPERT
Top Expert 2007

Commented:
i used alt+3 (it draws heart normally but it typed e here, so I better use ^ for clearing out)

global (dmz) 1 interface^youcorruptaclhere^nat (inside) 1 0.0.0.0 0.0.0.0^access-group outside_access_in in interface outside^

should be

global (dmz) 1 interface^nat (inside) 1 0.0.0.0 0.0.0.0^access-group outside_access_in in interface outside^

Author

Commented:
I figured it out, here's what I did...
I created a new acl thru the gui, with the name I had originally created -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I did this to see how it would be represented within the cli, and this is how it looked -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
the one in the cli that I could't remove looked like this -
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS & WHISTLES
I wanted to see what would actually create the "&" so I kept trying until I came up with
access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS &&; WHISTLES
which created the same entry within the cli; I removed this acl thru the gui, and did a
no access-list OUTSIDE_1_cryptomap remark FASTRACK - BELLS &&; WHISTLES
which FINALLY removed it from the cli :-)
Since you both got me thinking in the right direction I am going to split the pts... Thanks!

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.