unwanted access-list 199 & how to get ride of it?

blackhat2020 · ‎05-26-2008

I don't know.. any one khnow that what is this ....?!

** see the log message about access-list 199*** I didnt creat that access-list so where did that come from??

CISCO_CME uptime is 1 day, 1 hour, 5 minutes

System returned to ROM by power-on

System restarted at 09:37:17 CET Mon Jun 11 2007

System image file is "flash:c2600-advipservicesk9-mz.124-11.T2.bin"

it have been reload yesterday, so there is not many changes... But see this.

- Maby it is some thing in the startup sequence in IOS.........(bug)

- It says that it is made from console, and i have not used the console for a long time...

CISCO_CME#show archive log config all

idx sess user@line Logged command

1 1 console@console |access-list 199 permit icmp host 10.10.10.10 host 20.20.20.20

2 1 console@console |crypto map NiStTeSt1 10 ipsec-manual

3 1 console@console |match address 199

4 1 console@console |set peer 20.20.20.20

5 1 console@console |exit

6 1 console@console |no access-list 199

7 1 console@console |no crypto map NiStTeSt1

8 2 henr1k@vty0 |access-list dynamic-extended

smahbub · ‎05-30-2008

"No access-list 199" will be the command to get rid of the access-list.

blackhat2020 · ‎05-30-2008

thanks.but i didnt asked how to delete this access-list my cuestion is that where the h**l it came from automaticlly? what is the cause? is there any official document from cisco about this strange access-list 199? thanks

Edison Ortiz · ‎05-30-2008

Someone created the ACL via the console. You should ask around if someone else did it. I don't think a bug can actually type all those lines and configure IPSec for you.

__

Edison.

jason.chilton · ‎05-30-2008

This will always happen upon booting the router. It's a kind of self-test to make sure the crypto hardware is working properly.