By mistake I have entered access list remarks using international characters. Apparently, this is not handled well by the 5505. It is not possible to remove or change these remarks using the ASDM app. The only other way (I know) to remove a remark is to connect in cli mode and enable/configure terminal and write, e.g.
no access-list outside_access_in line 61 remark myRemark
If the string "myRemark" is not recognized by the system, it will not be removed.
Since the string in my case is not possible to describe to the system, I cannot remove it.
I entered the remark string using ASDM, and the characters were translated to something that is unknown to me.
Is there any way to remove a remark without specifying the exact content?
You can just copy the current ACL to notepad and modify the remarks and any other sections you need to and then simply replace the ACL's name with something else than the current one.
You can view the ACL in its configuration format with the command "show run access-list <acl name>". The command "show access-list <acl name>" does show the ACL but it shows it in a format that you can't directly copy paste back to the device. (It shows the hitcounts etc.)
Now you could copy/paste that to notepad and simply change it to (-1 added to the name and changed "remark")
access-list OUTSIDE-IN-1 remark Permit some traffic
access-list OUTSIDE-IN-1 permit ip host 126.96.36.199 host 188.8.131.52
Now that you have your new ACL with corrected "remark" configured you can replace the old ACL (identical ACL, except for the corrected information) with the new one
The below command would essentially attach the below named ACL to the interface called "outside". This will replace any ACL that is currently attached to that interface.
access-group OUTSIDE-IN-1 in interface outside
Now doing the above should mean that you now have the old OUTSIDE-IN ACL on the ASA but it's not attached anywhere. This ACL is the one that has the wrong "remark" that you are trying to remove. You can now use this command to remove that ACL completely from the ASA
clear configure access-list OUTSIDE-IN
I would suggest that you back up the original ACL just in case there is some error in the new ACL, so you can compare it to the original one.
Now that the old ACL is removed you can rename the new ACL you made and attached to the interface with the command I mentioned
access-list OUTSIDE-IN-1 rename OUTSIDE-IN
I tested this with my own firewall and it works just fine.
To my understanding changing an ACL that is used on the firewall won't affect any active connections through the firewall as those have already been allowed through the firewall. I am not sure if there is a chance that some connection attempt could be blocked while changing the used ACL on the interface but I really doubt it can have a noticeable effect as the ACL is replaced as soon as you issue the "access-group" command with the new ACL.
Through CLI you can do by deleting the specified access-list line and inserting a modified access-list line in that place....
As per my knowledge you cannot do as you think.... for removing the access-list line you have to give the exact content of the ACL line.... else it will not get removed.....
In case if you have problem in removing through CLI as well.... then you can create a new ACL matching all the entries same as the existing one with a different name and then you can tag that to an interface.... and then you can delete the old acl name or you can rename the old acl to new acl and new acl to old acl.....
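The copy, re-attach, clear and rename sequence described in the replies above can be generated from saved "show run access-list" output instead of being edited by hand in notepad. This is an added example, not code from the thread or from Cisco; the sample ACL text, the function names and the rule of reducing remark text to plain ASCII are assumptions made for illustration.

```python
import unicodedata

# Constructed sample of "show run access-list OUTSIDE-IN" output (not from the thread).
SAMPLE = """\
access-list OUTSIDE-IN remark Tillåt trafik från kontor
access-list OUTSIDE-IN extended permit ip host 192.0.2.10 host 198.51.100.20
"""

def ascii_remark(text):
    """Strip accents (å -> a); replace any other non-ASCII character with '?'."""
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(c if c.isascii() and c.isprintable() else "?" for c in stripped)

def rebuild_acl(show_run_output, acl, interface, direction="in"):
    """Return the CLI lines: copy as <acl>-1, re-attach, clear old, rename back."""
    temp = acl + "-1"
    prefix = "access-list " + acl + " "
    commands = []
    for raw in show_run_output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith(prefix):
            # Refuse pasted output that mixes in another ACL or a prompt line.
            raise ValueError("line does not belong to %s: %r" % (acl, line))
        rest = line[len(prefix):]
        if rest.startswith("remark "):
            rest = "remark " + ascii_remark(rest[len("remark "):])
        elif not rest.isascii():
            raise ValueError("non-ASCII text outside a remark: %r" % line)
        commands.append("access-list %s %s" % (temp, rest))
    if not commands:
        # Attaching a name with no entries would not reproduce the old policy.
        raise ValueError("no entries found for %s" % acl)
    commands.append("access-group %s %s interface %s" % (temp, direction, interface))
    commands.append("clear configure access-list %s" % acl)
    commands.append("access-list %s rename %s" % (temp, acl))
    return commands

if __name__ == "__main__":
    print("\n".join(rebuild_acl(SAMPLE, "OUTSIDE-IN", "outside")))
```

Compare the generated access-list lines against the saved original before pasting them into configuration mode, since only the remark text should differ.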