Remove entry from FWSM context cfg

j.mccartney
Level 1

I want to remove 2 entries from a context cfg for an ACL and cannot find a way to do it. Here is the cfg:

access-list PERMIT-PRINT extended permit ip 10.10.50.0 255.255.254.0 165.24.146.90 255.255.255.240

access-list PERMIT-PRINT extended permit ip host 90.132.101.16 host 168.34.266.70

access-list PERMIT-PRINT extended deny ip host 90.132.101.16 host 168.34.266.70

The last 2 lines are the ones, and when I do a sh access-list it shows them as lines 9 & 10 in sequence.

Thanks for any help.

6 Replies

excession
Level 1

Which version of FWSM software are you using?

We are using:

FWSM Firewall Version 3.1(3)

Device Manager Version 5.0(1)F

You will be able to delete these entries using the keyword "no" in front of them in global configuration mode on the command line:

no access-list PERMIT-PRINT extended permit ip host 90.132.101.16 host 168.34.266.70

no access-list PERMIT-PRINT extended deny ip host 90.132.101.16 host 168.34.266.70

I tried that and got the following error:

ADC-FW-CORE/3RD-PARTY-VENDORS(config)# no access-list PERMIT-PRINT extended pe$

no access-list PERMIT-PRINT extended permit ip host 90.132.101.16 host 168.34.26

^6.70

ERROR: % Invalid input detected at '^' marker.

This is unusual. I would try a "?" just at the error marker to see what it is expecting.

Other than that, another option is to paste the whole access-list into a text document. Do a "clear configure access-list PERMIT-PRINT". The relative access-group statement may also be removed by this. Then paste in the statements you want to keep and reapply the access-group.

However, you may need a service window to do the latter.

That is what I thought you may say, and yup, in case of service affecting I may have to set up a change window. Thanks for your help.
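
The clear-and-repaste approach suggested in the thread, as an added Python example (not code from the thread or from Cisco). It builds the command list from a saved copy of the ACL and refuses to emit it if an entry being kept contains a dotted quad that is not a valid IPv4 address, as 168.34.266.70 is as written above. The function names, the position-based `drop` argument and the `access-group ... interface inside` line are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the three entries quoted in the thread, as they would
# appear in a saved copy of the context configuration.
SAVED_ACL = """\
access-list PERMIT-PRINT extended permit ip 10.10.50.0 255.255.254.0 165.24.146.90 255.255.255.240
access-list PERMIT-PRINT extended permit ip host 90.132.101.16 host 168.34.266.70
access-list PERMIT-PRINT extended deny ip host 90.132.101.16 host 168.34.266.70
"""

def bad_addresses(entry):
    """Return dotted-quad tokens in an ACL entry that are not valid IPv4."""
    bad = []
    for tok in entry.split():
        if tok.count(".") == 3 and tok.replace(".", "").isdigit():
            try:
                ipaddress.IPv4Address(tok)
            except ValueError:
                bad.append(tok)
    return bad

def build_rebuild_script(saved_acl, name, drop, access_group):
    """Build the clear-and-repaste command list for one ACL.

    drop: set of 1-based positions (within this ACL) of entries to leave out.
    access_group: the access-group statement to reapply, copied from the
    running config before the change (assumed to be supplied by the operator).
    Raises ValueError if a kept entry holds an address that is not valid IPv4.
    """
    entries = [l.strip() for l in saved_acl.splitlines()
               if l.split()[:2] == ["access-list", name]]
    missing = drop - set(range(1, len(entries) + 1))
    if missing:
        raise ValueError(f"no such entry position(s): {sorted(missing)}")
    kept = [e for i, e in enumerate(entries, 1) if i not in drop]
    for e in kept:
        if bad_addresses(e):
            raise ValueError(f"kept entry has invalid address: {e}")
    return [f"clear configure access-list {name}", *kept, access_group]

if __name__ == "__main__":
    # Hypothetical access-group line; use the one from your own config.
    for cmd in build_rebuild_script(SAVED_ACL, "PERMIT-PRINT", {2, 3},
                                    "access-group PERMIT-PRINT in interface inside"):
        print(cmd)
```

The ACL is absent between the clear and the reapplied access-group, which is why the thread suggests a service window for this change.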