Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cant delete some 3000 odd access-list remark lines from PIX 515..

Hello,

  I have a Cisco Pix in my test lab and someone has put some 3000 access-list remark lines on it and I'm having a hard time removing those. I've tried tftp new config after deleting those lines on notepad, didnt work. I tried to simply delete the lines using no command, that didnt work either. Here's the config..

PIX Version 7.1(2)

!

hostname pix2

domain-name voyence.com

enable password 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0

nameif outside

security-level 0

ip address 10.6.228.6 255.255.255.128

ipv6 enable

!

interface Ethernet1

speed 100

duplex full

nameif inside

security-level 100

no ip address

!

interface Ethernet2

shutdown

nameif intf2

security-level 4

no ip address

!

passwd 2KFQnbNIdI.2KYOU encrypted

boot system flash:/pix635.bin

ftp mode passive

dns server-group DefaultDNS

domain-name voyence.com

object-group network Aaron

description Testing Object in Object

network-object 10.10.1.0 255.255.255.0

object-group network jabber_servers

description Jabber application server group

network-object host 16.110.72.184

network-object host 16.110.72.187

network-object host 16.110.72.188

network-object host 192.168.4.2

group-object Aaron

object-group service jabber_service tcp

description jabber ports

object-group network tom1

network-object 1.1.1.0 255.255.255.0

network-object 2.2.2.0 255.255.255.0

network-object host 3.3.3.3

network-object host 3.3.3.5

network-object 4.4.0.0 255.255.0.0

object-group service tom2 tcp

port-object range 10 ftp-data

port-object eq ftp

port-object eq finger

port-object eq www

port-object range 100 200

object-group network Defect_19422

object-group network eauth-database-servers

object-group service voyence tcp

access-list vpn extended permit ip 172.22.1.0 255.255.255.0 10.255.1.0 255.255.255.0

access-list vpn extended permit ip 10.255.1.0 255.255.255.0 172.22.1.0 255.255.255.0

access-list inside_nonat extended permit ip any 3.3.3.0 255.255.255.0

access-list test extended permit ip host 1.1.2.2 any

access-list test extended permit 255 host 2.2.3.3 any

access-list test extended permit tcp host 1.2.3.4 range 1 65535 any

access-list test extended deny tcp host 1.2.3.111 111.0.0.0 255.0.0.0

access-list test extended deny icmp6 host 2.2.2.3 any

access-list test extended deny ah 4.3.2.0 255.255.255.0 host 4.3.3.1 log

access-list test extended permit eigrp 4.3.2.0 255.255.255.0 any

access-list test extended permit igmp 4.3.3.0 255.255.255.0 any

access-list test extended deny esp 4.4.0.0 255.255.0.0 1.2.3.0 255.255.255.0

access-list test extended permit gre 5.0.0.0 255.0.0.0 host 1.2.3.99 log

access-list test remark This is a TesT access list

access-list test remark This is a TesT access list

access-list test remark This is a TesT access list

.

.

.

.

.

.

.

.

(3000 lines)

access-list TesT standard permit 2.3.4.0 255.255.255.192

access-list tests standard permit host 11.12.13.14

access-list new extended deny nos any any log errors

access-list New_List extended permit icmp any any echo

access-list New_List extended permit icmp any any echo-reply

access-list New_List extended permit icmp any any alternate-address

access-list New_List extended permit icmp any any router-advertisement

access-list New_List extended permit icmp any any router-solicitation

access-list New_List extended permit icmp any any redirect

access-list New_List extended permit icmp any any source-quench

access-list twcnyc_pix_access_in extended permit udp host 192.168.221.51 host 192.168.96.105 eq syslog

access-list 99 standard permit host 12.12.1.1

access-list ionix extended permit tcp any any

access-list ionix extended deny gre any any

access-list testingLine extended permit ah 192.168.2.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.1.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.3.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.4.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.5.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.11.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.6.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.7.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.8.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.9.0 255.255.255.0 any

access-list testingLine extended permit ah 192.168.10.0 255.255.255.0 any

access-list testingLine extended permit ah any any log

access-list 46 extended permit icmp any any time-exceeded

access-list 46 extended permit icmp any any echo-reply

access-list 46 extended permit icmp any any unreachable

access-list 46 extended permit icmp any any mask-request

access-list 46 extended permit icmp any any source-quench

access-list BBZ-IN remark ** 527 - Data Domain/NFS Access for Lab Systems **

access-list BBZ-IN extended permit tcp host 10.118.203.111 host 10.115.64.241 eq sunrpc

access-list BBZ-IN remark ** 527 - Data Domain/NFS Access for Lab Systems **

access-list BBZ-IN extended permit tcp host 10.118.203.111 host 10.115.64.241 eq 2049

access-list BBZ-IN remark ** 527 - Data Domain/NFS Access for Lab Systems **

access-list BBZ-IN extended permit udp host 10.118.203.111 host 10.115.64.241 eq sunrpc

access-list BBZ-IN remark ** 527 - Data Domain/NFS Access for Lab Systems **

access-list BBZ-IN extended permit udp host 10.118.203.111 host 10.115.64.241 eq 2049

!

http-map DjR

port-misuse p2p action allow

!

no pager

logging enable

logging trap notifications

logging history notifications

logging facility 23

logging host inside 10.6.230.237

logging host inside 10.6.230.200

logging host inside 10.241.213.43

mtu outside 1500

mtu inside 1500

mtu intf2 1500

asdm history enable

arp timeout 14400

nat-control

route outside 0.0.0.0 0.0.0.0 10.6.228.1 1

!

router ospf 111

network 0.0.0.0 0.0.0.0 area 0

area 111

area 65535 authentication

router-id 172.22.2.242

log-adj-changes

!

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server NTAuth protocol nt

username admin password eY/fQXw7Ure8Qrz7 encrypted

username cisco password 3USUcOPFUiMCO4Jk encrypted

username kevin password mz6JxJib/sQqvsw9 encrypted

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

snmp-server host inside 10.6.230.200 community Cust5

snmp-server host inside 10.6.230.237 community Cust5

snmp-server location Richardson

snmp-server contact Linus

snmp-server community Cust5

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

tunnel-group testgroup type ipsec-ra

telnet 0.0.0.0 0.0.0.0 outside

telnet 10.7.0.0 255.255.0.0 outside

telnet 10.7.0.0 255.255.0.0 inside

telnet 0.0.0.0 0.0.0.0 inside

telnet timeout 60

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 60

ssh version 1

console timeout 0

!

class-map global-policy

class-map inspection_default

match default-inspection-traffic

class-map x

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect xdmcp

policy-map Test

class global-policy

inspect http DjR

!

service-policy global_policy global

Cryptochecksum:a13e2aee8ef838ad64cd3890cee4fa6f

: end

  • Firewalling
1 REPLY

Re: Cant delete some 3000 odd access-list remark lines from PIX

Hello,

Seems to be an ACL corruption, have you tried rebooting the PIX?

Also tried a clear configure access-list test!

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
687
Views
0
Helpful
1
Replies