Removing ACL remark on a PIX?

Discussion in 'Cisco' started by Paul Hutchings, Nov 11, 2003.

  1. I have several lines in my PIX config that simply say:

    "access-list inside_access_in remark "

    I've tried what I believe to be the correct syntax to delete these
    comments, but it doesn't work - can anyone help?

    TIA,
    Paul
    --
    paul <at> spamcop.net
     
    Paul Hutchings, Nov 11, 2003
    #1

  2. In article <Xns943087AAA4128paulhutchingsspamcop@130.133.1.4>,
    Paul Hutchings <> wrote:
    :I have several lines in my PIX config that simply say:

    :"access-list inside_access_in remark "

    :I've tried what I believe to be the correct syntax to delete these
    :comments, but it doesn't work - can anyone help?

    no access-list inside_access_in remark


    If necessary use the line number.


    Or is the issue that it wants you to put some text in after the
    'remark' ? I didn't think empty remarks were possible, especially
    not more than one of them (which would be seen as duplicate remarks.)
    --
    "There are three kinds of lies: lies, damn lies, and statistics."
    -- not Twain, perhaps Disraeli, first quoted by Leonard Courtney
     
    Walter Roberson, Nov 11, 2003
    #2

  3. Hugo Drax

    "Paul Hutchings" <> wrote in message
    news:Xns943087AAA4128paulhutchingsspamcop@130.133.1.4...
    > I have several lines in my PIX config that simply say:
    >
    > "access-list inside_access_in remark "
    >
    > I've tried what I believe to be the correct syntax to delete these
    > comments, but it doesn't work - can anyone help?
    >
    > TIA,
    > Paul
    > --
    > paul <at> spamcop.net



    Does the comment reside within an object group?
     
    Hugo Drax, Nov 11, 2003
    #3
  4. In article <bor74g$1hdurf$-berlin.de>,
    Hugo Drax <> wrote:

    :"Paul Hutchings" <> wrote in message
    :news:Xns943087AAA4128paulhutchingsspamcop@130.133.1.4...
    :> I have several lines in my PIX config that simply say:

    :> "access-list inside_access_in remark "

    :does the comment reside within an object group?

    No, PIX object-groups cannot have 'access-list' entries in them.
    --
    IMT made the sky
    Fall.
     
    Walter Roberson, Nov 11, 2003
    #4
  5. -cnrc.gc.ca (Walter Roberson) wrote in
    news:bor3vj$p3c$:

    > In article <Xns943087AAA4128paulhutchingsspamcop@130.133.1.4>,
    > Paul Hutchings <> wrote:
    >:I have several lines in my PIX config that simply say:
    >
    >:"access-list inside_access_in remark "
    >
    >:I've tried what I believe to be the correct syntax to delete these
    >:comments, but it doesn't work - can anyone help?
    >
    > no access-list inside_access_in remark
    >
    >
    > If necessary use the line number.
    >
    >
    > Or is the issue that it wants you to put some text in after the
    > 'remark' ? I didn't think empty remarks were possible, especially
    > not more than one of them (which would be seen as duplicate remarks.)


    I'm doing this via PDM - I've found that the comments tend to get out of
    sync with the rules if you add/remove rules, and I now have listed after my
    final outgoing rule four lines that simply say:

    "access-list inside_access_in remark". If I do a "no access-list
    inside_access_in_remark" I get "specified remark does not exist".

    "sho access-list" gives (amongst other things):

    access-list inside_access_in line 5 remark
    access-list inside_access_in line 6 remark
    access-list inside_access_in line 7 remark
    access-list inside_access_in line 8 remark

    but I've not sussed the syntax to use the line numbers yet... simply trying
    the line with "no" in front also gives "specified remark does not exist".

    It's bloody annoying :)

    regards
    Paul
    --
    paul <at> spamcop.net
     
    Paul Hutchings, Nov 11, 2003
    #5
  6. Hugo Drax

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bor7ff$qkn$...
    > In article <bor74g$1hdurf$-berlin.de>,
    > Hugo Drax <> wrote:
    >
    > :"Paul Hutchings" <> wrote in message
    > :news:Xns943087AAA4128paulhutchingsspamcop@130.133.1.4...
    > :> I have several lines in my PIX config that simply say:
    >
    > :> "access-list inside_access_in remark "
    >
    > :does the comment reside within an object group?
    >
    > No, PIX object-groups cannot have 'access-list' entries in them.
    > --
    > IMT made the sky
    > Fall.


    There is a bug with embedded comments inside an object group. He might be
    doing a show access-list and noticing the comment still exists.

    PIX 6.3 will not remove a remark entry (with line num), if it's included
    in an ACL that contains an object-group. This is particularly a problem for
    PDM users and if they are editing the description column of a rule, which
    uses object groups.

    In this case, PIX will ignore the 'no' cmds to remove the remark, specified
    by line number.

    This problem impacts users that use PDM, and have object-groups in their
    ACL.
    See associated PDM bugs: CSCeb39653 and CSCeb39829



    WORKAROUND
    Explicitly list the ACEs in the ACL, instead of using Object-Groups.
     
    Hugo Drax, Nov 11, 2003
    #6