Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
759
Views
0
Helpful
4
Replies

FWSM_Policy-map_removal_error

jordan.jordani1992
Level 1
Level 1

‎04-03-2018 11:23 PM - edited ‎02-21-2020 07:35 AM

Hi all

 

I have faced some sort of difficulties in configuration of an old device at my company which is FWSM. The problem is that I had created a testing policy-map called ZZZ, as well as the class-map with the same name (ZZZ). When I was about to remove to related config (class-map, policy-map), I am able to remove the class-map with the '(config)#no class-map ZZZ' command. However, I cannot remove the policy-map with the '(config)# no policy-map ZZZ' which barks an error as I paste in the following:

config)# no policy-map ZZZ

ERROR: policy-map ZZZ is being configured and hence cannot be removed.

 

it worth to mention that this policy-map is not associated with neither service-policy, nor class-map

 

 

FWSM/CONTEXT_A# show running-config class-map
!
class-map inspection_default
 match default-inspection-traffic
!

 

FWSM/CONTEXT_A# show running-config policy-map
!
policy-map ZZZ
policy-map CSM_POLICY_MAP_global_1
 class inspection_default
  inspect icmp
  inspect icmp error
  inspect ftp
!

FWSM/CONTEXT_A# show running-config service-policy
service-policy CSM_POLICY_MAP_global_1 global

 

any idea?

Labels:
0 Helpful
4 Replies 4

Bogdan Nita
VIP Alumni
VIP Alumni

‎04-04-2018 02:51 AM

I've similar issues on the fwsm when a ssh session is stuck in config mode.

Can you try 'show ssh sessions' to see active sessions and then issue 'ssh disconnect' to disconnect the unused sessions ?

 

HTH

Bogdan

0 Helpful

jordan.jordani1992
Level 1
Level 1
In response to Bogdan Nita

‎04-04-2018 03:12 AM

Dear Bogdan
First off, I would like to thanks for your reply.
Following is the output from the FWSM:

FWSM/admin# show ssh sessions
SID Client IP Version Mode Encryption Hmac State Username
1 10.125.21.4 2.0 IN aes256-cbc sha1 SessionStarted SEC_TEAM
OUT aes256-cbc sha1 SessionStarted SEC_TEAM
FWSM/admin#
I believe that there is no stale or orphaned SSH connection.
It also worth mention that I manage the context through the Admin context.

Thanks for your help.

Regards
0 Helpful

Bogdan Nita
VIP Alumni
VIP Alumni
In response to jordan.jordani1992

‎04-04-2018 08:38 AM

Hi @jordan.jordani1992,

Sorry to hear that didn't work.

I have another idea , but it is a little bit far fetched for removing configuration that actually has no impact.

You can try removing the policy map after a reboot or failover.

0 Helpful

jordan.jordani1992
Level 1
Level 1
In response to Bogdan Nita

‎04-06-2018 11:27 PM

thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card