Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

trying to remove an access-list line from a config...

I am simply trying to remove the last light (highlighted in bold), but can't figure out how to do it...

 

access-list outside_1_cryptomap extended permit ip object-group Dupont object-group MEC
access-list inside_access_in extended permit ip object-group Dupont object-group MEC
access-list inside_access_in remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

 

If I do a "no access-list inside_access_in remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC" then it gives me a "Specified remark does not exist".

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Glad it worked out after all.

Glad it worked out after all. Please mark your question as answered if it has been.

It looks like you were hitting a bug. You aren't running 9.0(3) or lower in that release train are you? If so you could possibly be seeing CSCuj99263.

12 REPLIES
Hall of Fame Super Silver

Try this:      no access-list

Try this:

      no access-list inside_access_in line 1 remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

or simply:

no access-list inside_access_in line 1 remark

New Member

Try this:      no access-list

Try this:

      no access-list inside_access_in line 1 remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

"Specified remark does not exist"

or simply:

no access-list inside_access_in line 1 remark

ERROR: % Incomplete command

Hall of Fame Super Silver

Hmm. I just did both on a

Hmm. I just did both on a test config and they worked fine.

Can you go in via ASDM and edit the ACE there?

New Member

The weird thing is, I only

The weird thing is, I only see the first two lines in ASDM. Unless I'm looking in the wrong place, I don't see any remarks at all...??

Hall of Fame Super Silver

Try no access-list inside

Try

 no access-list inside_access_in line 1 remark Migration

If that doesn't work, please provide the output of:

 show run | i Migration

New Member

ShoemakerDP-fw# conf

ShoemakerDP-fw# conf t
ShoemakerDP-fw(config)#  no access-list inside_access_in line 1 remark Migration
Specified remark does not exist
ShoemakerDP-fw(config)# exit
ShoemakerDP-fw# show run | i Migration
access-list inside_access_in remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

Hall of Fame Super Silver

Hmm that's very odd. The

Hmm that's very odd. The syntax all appears correct. A remark can be up to 100 characters long and include punctuation so that's all ok (yours is 80 characters).

I created the exact same remark on an ACL on my ASA and the removal worked just fine (see below). You may need to completely remove and re-add the ACL (without the remark line).

 

ASA#  conf t
ASA(config)# access-list cco extended permit ip any any
ASA(config)# access-list cco remark Migration, ACE (line 1) expanded: perm$
ASA(config)# end
ASA# sh run | i Migrat
access-list cco remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC
ASA# 
ASA# 
ASA# conf t
ASA(config)# no access-list cco remark Migration, ACE (line 1) expanded: p$
ASA(config)# end
ASA# sh run | i Migrat                                     
ASA#

New Member

I tried to remove it again

I tried to remove it again and got the "Specified remark does not exist" once more. I then removed the entire ACL, but the line in question still showed up in the config?! I did a reload and it was still there. HOWEVER, after the reload, I was able to do a "no access-list cco remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC" and it did finally remove it!! I did a copy run start and then another reload just to be sure, haha. It's now gone and I'm happy. I'm not exactly sure what happened... I guess I should have done the reload earlier :)

Hall of Fame Super Silver

Glad it worked out after all.

Glad it worked out after all. Please mark your question as answered if it has been.

It looks like you were hitting a bug. You aren't running 9.0(3) or lower in that release train are you? If so you could possibly be seeing CSCuj99263.

New Member

5505ASA - 8.3.1ASDM - 6.4.9

5505

ASA - 8.3.1

ASDM - 6.4.9 (103)

Hall of Fame Super Silver

Ohhh 8.3(1) - from March 2010

Ohhh 8.3(1) - from March 2010. That's not a recommended release - it was the first release of the major rewrite of a lot of code.

Cisco currently recommends 8.4(7) (September 2013) or 9.0(4) (December 2013) as the most stable releases for that platform.

New Member

Thanks

Thanks

3210
Views
0
Helpful
12
Replies
CreatePlease to create content