how do I delete a line in cisco router?

abaseballfan

Technical User
Feb 20, 2004
53
US
Hello, can anyone tell me how to delete a line I already entered and saved into my Cisco router? I have an access list and I need to delete a few of the lines because I opened the wrong ports up, and I am not sure how to go back and take them out without deleting the entire list. And the problem I am having actually is that our company needs to access a site that has the SSL security on it, and with our old Linksys router it would come up with the password and username, but with this Cisco 831 router it has not even given us the option for username and password; it just times out and says page cannot be displayed, so I am not sure what I need set in my router to access this. Any ideas? Thank you.
 
Well...with access lists you do not have any option except to issue a no access-list ## command to remove the entire list. You cannot just remove one line...if you try you remove the entire list. Best way is to copy the access list into notepad...edit it...put the no access-list as the first line and then from the router#(conf) paste the whole thing in.....this will remove the old at the same time the new is put back in. Make sure to remove the access-group command on the interface to avoid any disconnects or other problems. Once the new access-list is in replace the access-group statement on the interface.

Are you wanting to access the router remotely? Do you have static IP address?
 
Oh wow, I had no idea we could use Notepad for something like that, very cool! We're a small company who works for SBC and many other phone companies, and we had to purchase this router in order to create a VPN connection, which I just recently got set up with the help of Cisco and this web site. When our engineers are on the road they would like to access one computer here that has all the software on it they need, but I am not sure if that can be done or not. I know on the Linksys it was easy to do a remote setup, but on this one I have no clue where to start. Thanks for your help on that.
 
Thanks sir, I did try the other link and put everything in it said for the HTTPS and still cannot access the site we need, I did that from home last night and I just have a Linksys there and it worked fine, so I am not doing something right to access the web site, it should come up with username and password and it just gives you the page cannot be displayed, any idea? Thanks
 
The first link should allow secure http access to the router itself. Do you have a static WAN IP address? What exactly are you needing to access remotely?
 
I'm sorry, I did not explain that right. We are trying to access a system from our office, it's not actually remotely, I did not word that right. So we're trying to access a system from our office that I could access with the old Linksys router, but with the Cisco router it will not allow us to access it, it just times out. I have added the ports it told me to add but still no luck. The site is one of our customers' and we need access to pull down the latest job files, so I must have something set wrong or not even put in, if I can access this web site from home and not from the office?
 
WOULD BE HELPFUL IF YOU COULD POST THE CONFIG LESS ANY PASSWORDS.
 
Okay, here is the configuration. I know nothing about this; I was helped every step through, so I only put in what I was told on all this stuff, so some of it may be right or wrong, I have no clue. SBC is our main customer and I was working with an IT person in SBC who is supposed to help the SBC vendors, and that's who set up the VPN part of this router so I could access their drawings, but the other stuff I had help on from different people. I took out the passwords and the IP addresses from SBC since we cannot post any of their information like that. Thank you.





!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$nAgz$QxuezlmewypCB4.5m8T7Y/
!
username privilege 15 secret 5 $1$HRIL$8Shq3NaTnaoFp5d/JNsFW1
username password
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
!
ip dhcp pool pool-dhcp
network 192.168.1.0 255.255.255.0
dns-server 151.164.14.201 151.164.1.8
default-router 192.168.1.1
lease infinite
!
ip dhcp pool POOL-DHCP
dns-server 151.164.14.201 151.164.1.8
default-router 192.168.1.1
!
!
ip domain name yourdomain.com
ip name-server 151.164.14.201
ip name-server 151.164.1.8
ip ips po max-events 100
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 18
encr 3des
authentication pre-share
group 2
crypto isakmp key address
!
!
crypto ipsec transform-set Alternative esp-3des esp-sha-hmac
!
crypto map mymap 11 ipsec-isakmp
set peer
set transform-set Alternative
set pfs group2
match address 148
!
!
!
interface Ethernet0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Ethernet1
no ip address
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
ip address 255.255.255.248
ip access-group 120 in
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password
ppp pap sent-username
crypto map mymap
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map nonat interface Dialer1 overload
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 120 permit tcp any any established
access-list 120 permit udp any any eq domain
access-list 120 permit udp any eq domain any
access-list 120 permit tcp any any eq smtp
access-list 120 permit tcp any any eq pop3
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any gt 1023 any eq ftp-data
access-list 120 permit tcp any any gt 1023
access-list 120 permit tcp any any eq telnet
access-list 120 permit tcp any any eq 69
access-list 120 permit tcp any any eq finger
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 161
access-list 120 permit tcp any any eq 144
access-list 120 permit tcp any any eq 115
access-list 120 permit tcp any any eq ident
access-list 120 permit icmp any any
access-list 120 permit udp any any eq isakmp
access-list 120 permit udp any any eq non500-isakmp
access-list 120 permit esp any any
access-list 120 permit tcp any any eq 443
access-list 120 permit tcp any any eq 1521
access-list 120 permit tcp any any eq 15000
access-list 120 permit tcp any any eq 139
access-list 120 permit tcp any any eq 812
access-list 120 permit tcp any any eq 813
access-list 120 permit tcp any any eq 814
access-list 120 permit tcp any any eq 815
access-list 120 permit tcp any any eq 816
access-list 120 permit tcp any any eq 817
access-list 120 permit tcp any any eq 818
access-list 120 permit tcp any any eq 819
access-list 120 permit tcp any any eq 820
access-list 120 permit tcp any any eq 821
access-list 120 permit tcp any any eq 1701
access-list 120 permit tcp any any eq 1702
access-list 120 permit tcp any any eq 1703
access-list 120 permit tcp any any eq 1704
access-list 120 permit tcp any any eq 1705
access-list 120 permit tcp any any eq 1706
access-list 120 permit tcp any any eq 1707
access-list 120 permit tcp any any eq 32771
access-list 129 permit ip 192.168.1.0 0.0.0.255 any
access-list 148 permit ip host
access-list 148 permit ip host
access-list 148 permit ip host
access-list 148 permit ip host
access-list 148 permit ip host
route-map nonat permit 10
match ip address 129
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device. This
feature requires the one time use, initial credentials, of username
with password

Please change these publicly known initial credentials through SDM or IOS CLI.
Here's the Cisco IOS command:



NOTE: Please add a new username to be able to launch SDM for router management.

For more information about SDM please follow the instructions in the QUICK
START GUIDE for your router or at
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
privilege level 15
password
login
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end
 
I am relatively new to ACLs myself, but as I understand it you have two options. #1, download your ACL to your TFTP server, make your changes, then be certain to remove the ACL from the interface (no ip access-group) and then delete the ACL from the router (no access-list), then upload from the TFTP server and reapply the list to the interface. If you add in the access list while the current one is in use, it will tack onto the end of the existing one rather than replace it. #2, if you are using named standard or extended ACLs your life will be much easier. These lists will number entries as below (sequenced ACL):

10 permit tcp any any
20 permit udp any any
30 deny ip any any

From here you can delete or add lines in your acl with commands (while in conf for that ACL) such as:

no 10
(to remove line 10)

-or-

15 permit tcp any 1.1.1.1 eq www
(adds in line 15 between line 10 and 20)

Remember, with ACLs order matters!
If I am incorrect, then I am certain someone will correct me. Hope this helps.
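
Added example, not part of any post in this thread: a Python sketch of the edit-and-repaste procedure the replies describe (detach the access-group, `no access-list`, re-enter the kept lines, reattach), plus the same entries written in the sequenced form from the last reply. The sample config is constructed in the style of the posted one; which entries to drop and the ACL name `WAN-IN` are assumptions made for illustration.

```python
import re

# Constructed sample in the style of the config posted above (not the full list).
SAMPLE_CONFIG = """\
interface Dialer1
 ip access-group 120 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 120 permit tcp any any established
access-list 120 permit tcp any any eq telnet
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 443
access-list 120 permit tcp any any eq 139
"""

ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(.+?)\s*$")

def acl_entries(config, number):
    """Entries of numbered ACL `number`, in configured order."""
    matches = (ACL_LINE.match(line.strip()) for line in config.splitlines())
    return [m.group(2) for m in matches if m and int(m.group(1)) == number]

def rebuild_script(config, number, interface, direction, drop):
    """Paste-in block: detach, delete, re-enter the kept lines, reattach."""
    entries = acl_entries(config, number)
    missing = [d for d in drop if d not in entries]
    if missing:  # a typo here would silently leave the unwanted port open
        raise ValueError(f"not in access-list {number}: {missing}")
    kept = [e for e in entries if e not in drop]
    if not kept:  # an access-group naming an undefined ACL filters nothing
        raise ValueError("refusing to reattach an empty access list")
    detach = [f"interface {interface}", f" no ip access-group {number} {direction}", "exit"]
    attach = [f"interface {interface}", f" ip access-group {number} {direction}", "exit"]
    body = [f"no access-list {number}"] + [f"access-list {number} {e}" for e in kept]
    return detach + body + attach

def sequenced_form(name, entries, step=10):
    """Same entries as a named extended ACL with explicit sequence numbers."""
    numbered = [f" {(i + 1) * step} {e}" for i, e in enumerate(entries)]
    return [f"ip access-list extended {name}"] + numbered

if __name__ == "__main__":
    unwanted = ["permit tcp any any eq telnet", "permit tcp any any eq 139"]
    print("\n".join(rebuild_script(SAMPLE_CONFIG, 120, "Dialer1", "in", unwanted)))
    # WAN-IN is a hypothetical ACL name chosen for this example.
    print("\n".join(sequenced_form("WAN-IN", acl_entries(SAMPLE_CONFIG, 120))))
```

The interface is unfiltered between the detach and reattach lines, so the block is meant to be pasted in one go from configuration mode rather than typed line by line.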
 