https://community.cisco.com/t5/network-security/stateful-connections/m-p/633555#M1036246 <P>hi guys, i got some prob in ASA plz help me out,, </P><P> </P><P> </P><P> pc1-----------ASA----------pc2</P><P> outside inside</P><P> </P><P> now see nat is disabled and i have given an accesslist to allow pc1 </P><P>to ping pc2. till here it is working fine. now suppose i have issued a</P><P>continuous ping from pc1 to pc 2 it goes well but meantime from CLI i removed the access list ! but the ping is still going !!!! if i stop it n</P><P>then issue ping again it is not going as expected, but my question is </P><P>why didnt it stopped when i removed the accesslist ???</P><P> heres my own guess, because the connection was formed already in ASA</P><P>stateful table so it was allowing it to go, so is it possible that if i</P><P>changed or modify an access list it takes the action immediately ? is </P><P>there any command for that ??? becoz i m having a lot of problem in testing </P><P>time</P><P>based acls they r simply not at all working with ASA, i m using 7.0 ios </P><P>so</P><P>any help plz ???</P><P> </P> Mon, 11 Mar 2019 09:02:57 GMT shahidrox 2019-03-11T09:02:57Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633555#M1036246 <P>hi guys, i got some prob in ASA plz help me out,, </P><P> </P><P> </P><P> pc1-----------ASA----------pc2</P><P> outside inside</P><P> </P><P> now see nat is disabled and i have given an accesslist to allow pc1 </P><P>to ping pc2. till here it is working fine. now suppose i have issued a</P><P>continuous ping from pc1 to pc 2 it goes well but meantime from CLI i removed the access list ! but the ping is still going !!!! if i stop it n</P><P>then issue ping again it is not going as expected, but my question is </P><P>why didnt it stopped when i removed the accesslist ???</P><P> heres my own guess, because the connection was formed already in ASA</P><P>stateful table so it was allowing it to go, so is it possible that if i</P><P>changed or modify an access list it takes the action immediately ? is </P><P>there any command for that ??? becoz i m having a lot of problem in testing </P><P>time</P><P>based acls they r simply not at all working with ASA, i m using 7.0 ios </P><P>so</P><P>any help plz ???</P><P> </P> Mon, 11 Mar 2019 09:02:57 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633555#M1036246 shahidrox 2019-03-11T09:02:57Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633556#M1036249 <HTML><HEAD></HEAD><BODY><P>If you remove the access-list and save it the action will be taken immediately</P></BODY></HTML> Wed, 06 Dec 2006 16:59:32 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633556#M1036249 drolemc 2006-12-06T16:59:32Z https://community.cisco.com/t5/network-security/stateful-connections/m-p/633557#M1036250 <HTML><HEAD></HEAD><BODY><P>You are correct.</P><P></P><P>Access list changes only apply to new connections initiated through the firewall. Existing connections (prior to your changes) keep going through the firewall unless you clear them.</P><P></P><P>You can do a 'show conn' to see what the connections are through your firewall.</P><P></P><P>--Jason</P><P></P><P>Please rate this message if it solved some/all of your question/issue.</P></BODY></HTML> Thu, 07 Dec 2006 02:23:25 GMT https://community.cisco.com/t5/network-security/stateful-connections/m-p/633557#M1036250 jgervia_2 2006-12-07T02:23:25Z