https://community.cisco.com/t5/network-security/stateful-connections/m-p/633597#M1036237 <P>hi guys, i got some prob in ASA plz help me out,, </P><P> </P><P> </P><P> pc1-----------ASA----------pc2</P><P> outside inside</P><P> </P><P> now see nat is disabled and i have given an accesslist to allow pc1 </P><P>to ping pc2. till here it is working fine. now suppose i have issued a</P><P>continuous ping from pc1 to pc 2 it goes well but meantime from CLI i removed the access list ! but the ping is still going !!!! if i stop it n</P><P>then issue ping again it is not going as expected, but my question is </P><P>why didnt it stopped when i removed the accesslist ???</P><P> heres my own guess, because the connection was formed already in ASA</P><P>stateful table so it was allowing it to go, so is it possible that if i</P><P>changed or modify an access list it takes the action immediately ? is </P><P>there any command for that ??? becoz i m having a lot of problem in testing </P><P>time</P><P>based acls they r simply not at all working with ASA, i m using 7.0 ios </P><P>so</P><P>any help plz ???</P><P> </P> Mon, 11 Mar 2019 09:03:00 GMT shahidrox 2019-03-11T09:03:00Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633597#M1036237 <P>hi guys, i got some prob in ASA plz help me out,, </P><P> </P><P> </P><P> pc1-----------ASA----------pc2</P><P> outside inside</P><P> </P><P> now see nat is disabled and i have given an accesslist to allow pc1 </P><P>to ping pc2. till here it is working fine. now suppose i have issued a</P><P>continuous ping from pc1 to pc 2 it goes well but meantime from CLI i removed the access list ! but the ping is still going !!!! if i stop it n</P><P>then issue ping again it is not going as expected, but my question is </P><P>why didnt it stopped when i removed the accesslist ???</P><P> heres my own guess, because the connection was formed already in ASA</P><P>stateful table so it was allowing it to go, so is it possible that if i</P><P>changed or modify an access list it takes the action immediately ? is </P><P>there any command for that ??? becoz i m having a lot of problem in testing </P><P>time</P><P>based acls they r simply not at all working with ASA, i m using 7.0 ios </P><P>so</P><P>any help plz ???</P><P> </P> Mon, 11 Mar 2019 09:03:00 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633597#M1036237 shahidrox 2019-03-11T09:03:00Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633598#M1036239 <HTML><HEAD></HEAD><BODY><P>You're right. It will still pinging because the connection table for the existing ping session is still active. It will only gone if you manually stop the ping or issue 'cle xlate' command.</P><P></P><P>Use the 'clear xlate' everytime you want to clear the connection</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/products/ps6120/products_command_reference_chapter09186a008063f0de.html#wp2029296" target="_blank">http://www.cisco.com/en/US/customer/products/ps6120/products_command_reference_chapter09186a008063f0de.html#wp2029296</A></P><P></P><P></P><P>HTH</P><P>AK</P></BODY></HTML> Sun, 03 Dec 2006 03:57:04 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633598#M1036239 a.kiprawih 2006-12-03T03:57:04Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633599#M1036241 <HTML><HEAD></HEAD><BODY><P>but dont u think this is inconvenient ?? like if there are 2 outside users connected to my webserver n i want to block 1 of them so i designed an acl but if i clear xlate then both of the connections will be reset !!! is there any other way</P></BODY></HTML> Sun, 03 Dec 2006 11:42:21 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633599#M1036241 shahidrox 2006-12-03T11:42:21Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633600#M1036242 <HTML><HEAD></HEAD><BODY><P>Another way is to use "clear local-host <LOCAL-HOST_INTERNAL_IP>" command.</LOCAL-HOST_INTERNAL_IP></P><P></P><P>FWALL#clear local-host 10.1.1.15</P><P></P><P>This will clear the network state of a local host stops all network connections and xlates that are associated ONLY with the local hosts.</P><P></P><P>AK</P></BODY></HTML> Sun, 03 Dec 2006 13:35:30 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633600#M1036242 a.kiprawih 2006-12-03T13:35:30Z