marceloNYC
asked on
Trouble after deleting a couple of access-list in remote Cisco router
Dear experts,
I cannot reenter a few access-list command lines after I deleted a couple that were not needed. Actually they are gone now.
This is the entry part that is trouble.
interface FastEthernet0/0
ip address 74.xx.yy114 255.255.255.2xx
ip access-group 105 in <---------- here I was trying to edit and went wrong
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
There are a bunch of access-lists:
ip nat inside source list 100 interface FastEthernet0/0 overload
!
ip access-list extended Inet-Connection
permit tcp any host 74.yy.xx.113 established
permit ip host 173.xx.yy.18 host 74.yy.xx.113
permit ip host 12.xx.yy.121 host 74.yy.xx.113
!
ip radius source-interface Loopback22
access-list 99 permit 172.16.0.0 0.0.255.255
access-list 100 remark NAT Translations
access-list 100 deny ip 172.16.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 172.16.16.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.17.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 172.16.17.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 172.16.17.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 permit ip 173.xx.yy.0 0.0.0.255 any <--- 105 are gone now. I can't put back
access-list 105 permit ip 98.xx.yy.0 0.0.0.255 any
access-list 105 permit esp 98.xx.yy.0 0.0.0.255 any
access-list 105 permit esp 173.xx.yy.0 0.0.0.255 any
access-list 105 permit gre 173.xx.yy.0 0.0.0.255 any
access-list 105 permit gre 98.xx.yy.0 0.0.0.255 any
access-list 105 permit tcp any any established
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.0.31.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.0.0.255 any
access-list 105 deny ip any any
access-list 105 permit gre 12.xx.yy.0 0.0.0.255 any
access-list 105 permit ip 12.xx.yy.0 0.0.0.255 any
access-list 105 permit esp 12.xx.yy.0 0.0.0.255 any
access-list 106 deny ip any 172.16.0.0 0.0.255.255
access-list 106 deny ip any 10.0.0.0 0.25
everything that is "access-list 105" is no longer visible in the configuration.
How do I put them back? I am doing something wrong because every time I am trying to reenter them it disconnects me and I have to have someone in the remote location reboot the router so we can reconnect VPN. They lose internet access.
Any thoughts on this much appreciated.
Regards, M
You need to remove the access-list from the interface first, and then try to add the access-list commands, and finish it by putting the acl back on the interface.
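Why re-entering the entries drops the session while `ip access-group 105 in` is still on the interface, as an added example that is not part of the thread: a first-match evaluation with the implicit deny, run after each pasted line. The entries use documentation prefixes as constructed stand-ins for the redacted networks, and the function names are this example's own.

```python
import ipaddress
# Constructed sample: same order as the poster's ACL 105, with documentation
# prefixes standing in for the redacted networks (198.51.100.0 for 173.xx.yy.0,
# 203.0.113.0 for 98.xx.yy.0, 192.0.2.0 for 12.xx.yy.0). The "tcp any any
# established" entry is left out because this model does not track TCP flags.
ACL_105 = """\
access-list 105 permit ip 198.51.100.0 0.0.0.255 any
access-list 105 permit ip 203.0.113.0 0.0.0.255 any
access-list 105 permit esp 203.0.113.0 0.0.0.255 any
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip any any
access-list 105 permit ip 192.0.2.0 0.0.0.255 any
""".splitlines()

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(line):
    """Return (action, proto, source, wildcard); the destination is always 'any' here."""
    f = line.split()
    action, proto = f[2], f[3]
    if f[4] == "any":
        return action, proto, 0, 0xFFFFFFFF
    return action, proto, to_int(f[4]), to_int(f[5])

def evaluate(lines, proto, src):
    """First match wins. An ACL with no entries yet filters nothing; once it has
    at least one entry, anything unmatched hits the implicit deny."""
    if not lines:
        return "permit"
    s = to_int(src)
    for action, p, net, wild in map(parse, lines):
        if p in ("ip", proto) and (s | wild) == (net | wild):
            return action
    return "deny"

def paste_trace(lines, proto, src):
    """Verdict for src after each line is entered while the ACL is still bound."""
    return [evaluate(lines[:n], proto, src) for n in range(len(lines) + 1)]

def shadowed(lines):
    """Entries that can never match because an earlier entry covers them."""
    rules, dead = [parse(l) for l in lines], []
    for i, (_, p, net, wild) in enumerate(rules):
        for _, ep, enet, ewild in rules[:i]:
            if ep in ("ip", p) and (wild | ewild) == ewild and (net | ewild) == (enet | ewild):
                dead.append(lines[i])
                break
    return dead
```

A source in the second permitted network is cut off as soon as the first line is entered, so over that session the second line never arrives; the trailing permit for 192.0.2.0 is reported as shadowed because it follows `deny ip any any`.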
If you haven't saved the config, the 105 ACL is probably still in the startup-config.
Do a "show startup" then copy the access-list 105 commands and paste them into a text editor. Then you can paste them back into the running config.
ASKER
Thank you so much! You too donjohnston thank you.