12-06-2007 10:30 AM - edited 03-11-2019 04:39 AM
I had a problem when I deleted an access-list. The GUI interface is also deleting the route associated with the IP involved in the access-list. This is the output in my syslog server when I deleted the ACL:
Dec 5 16:24:21 192.168.157.1 : %PIX-5-111008: User 'jvega' executed the 'no route genesis 10.252.252.128 255.255.255.192 192.168.157.4 1' command.
Dec 5 16:24:21 192.168.157.1 : %PIX-5-111008: User 'jvega' executed the 'no access-list Desa_access_in extended permit tcp host 10.251.251.18 10.252.252.128 255.255.255.192 eq 21' command.
Thanks for your help.
12-13-2007 01:09 PM
No, it is the expected result. If you remove any access-list, especially one which was created to allow/permit traffic from a particular destination, then the basic characteristic of a firewall comes into effect, that is, by default all the traffic from the outside networks is blocked.
12-17-2007 06:33 PM
Cisco might label it a feature, but we users call it a bug. All Cisco's GUI configuration tools have similar problems... they get a little sloppy about deletions and changes. As a general rule, don't use a GUI for simple tasks. And always inspect what the tool wants to send to your router *before* it sends it.
(In Cisco's defense, the tools usually warn you when it's going to do far more than you just asked it to.)
12-18-2007 06:46 AM
Ok, thanks for your help... you are right, this is a bug and the GUI interface is the problem. When I use the CLI I never have problems. Maybe the bug that I am hitting is bug ID CSCsg05431.
Regards.
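
An added example, not part of any post in this thread: a Python check over %PIX-5-111008 command-audit syslog that flags a `no route` issued in the same second, on the same device, by the same user as a `no access-list` naming the same network and mask. The function name and the third sample line are constructed for illustration; the first two sample lines are the ones quoted in the original question.

```python
import re
from collections import defaultdict

# %PIX-5-111008 is the command-audit message seen in the thread's syslog excerpt.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<dev>\S+)\s+:\s+%PIX-5-111008: "
    r"User '(?P<user>[^']+)' executed the '(?P<cmd>.*)' command\.$"
)
ROUTE_RE = re.compile(r"^no route \S+ (?P<net>\S+) (?P<mask>\S+) ")

# Lines 1-2 come from the thread; line 3 is constructed (ACL change with no route loss).
SAMPLE = """\
Dec 5 16:24:21 192.168.157.1 : %PIX-5-111008: User 'jvega' executed the 'no route genesis 10.252.252.128 255.255.255.192 192.168.157.4 1' command.
Dec 5 16:24:21 192.168.157.1 : %PIX-5-111008: User 'jvega' executed the 'no access-list Desa_access_in extended permit tcp host 10.251.251.18 10.252.252.128 255.255.255.192 eq 21' command.
Dec 5 16:30:02 192.168.157.1 : %PIX-5-111008: User 'jvega' executed the 'no access-list Desa_access_in extended permit tcp host 10.251.251.19 10.252.252.0 255.255.255.192 eq 22' command.
"""

def find_collateral_route_deletions(log_text):
    """Return (timestamp, device, user, route_cmd, acl_cmd) for each route removed
    in the same second, on the same device, by the same user as an ACL entry
    that names the route's network and mask."""
    batches = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            batches[(m["ts"], m["dev"], m["user"])].append(m["cmd"])
    findings = []
    for (ts, dev, user), cmds in batches.items():
        acls = [c for c in cmds if c.startswith("no access-list ")]
        for cmd in cmds:
            r = ROUTE_RE.match(cmd)
            if not r:
                continue
            # Match the route's "network mask" pair as whole tokens in the ACL line.
            target = f" {r['net']} {r['mask']} "
            for acl in acls:
                if target in acl + " ":
                    findings.append((ts, dev, user, cmd, acl))
    return findings

if __name__ == "__main__":
    for ts, dev, user, route, acl in find_collateral_route_deletions(SAMPLE):
        print(f"{ts} {dev} {user}: route removed alongside ACL change")
        print(f"  {route}\n  {acl}")
```
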