https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288189#M342365 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P></P><P>No, im not inspecting any traffic. </P><P></P><P>if I use "show conn" command when the acl applied to the interface, it will show the icmp connection on the asa. if I use "clear conn all" command the ping will be droped and will not be able to start a new ping.</P><P></P><P>thanks</P></BODY></HTML> Tue, 01 Oct 2013 10:34:35 GMT CSCO12059485 2013-10-01T10:34:35Z https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288185#M342358 <P>In my office network i have a cisco asa 5510. I configured a time based acl to drop all connections for specific time range. I realize that the acl will only block new connections, and it will continue the connections that are already exist. for example if I do a countinus ping to a pc, it will countinue the icmp traffic flow even after the ACL applied to the interface. I can use "clear conn all" command to drop all connections, but its not practical. please tell me how to drop connections or the interface to a specific time range.</P><P></P><P>Thank you</P> Tue, 12 Mar 2019 02:45:02 GMT https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288185#M342358 CSCO12059485 2019-03-12T02:45:02Z https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288186#M342360 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>from where are you doing this ping ? if it is from the ASA then the ACL will never get hit as ACLs are only for transit traffic on the ASA.</P><P></P><P>Regards</P><P></P><P>Alain</P><P></P><P></P><P>Don't forget to rate helpful posts.</P></BODY></HTML> Tue, 01 Oct 2013 08:30:03 GMT https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288186#M342360 cadet alain 2013-10-01T08:30:03Z https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288187#M342361 <HTML><HEAD></HEAD><BODY><P>Thank you for your time Dear Alain</P><P></P><P>Im sending ping from a host that is in the INSIDE network to a pc in OUTSIDE. The Acl is applied to OUTSIDE interface in inbound direction.</P></BODY></HTML> Tue, 01 Oct 2013 09:26:40 GMT https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288187#M342361 CSCO12059485 2013-10-01T09:26:40Z https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288188#M342362 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>are you inspecting ICMP ?</P><P></P><P>Regards</P><P></P><P>Alain</P><P></P><P></P><P>Don't forget to rate helpful posts.</P></BODY></HTML> Tue, 01 Oct 2013 09:43:25 GMT https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288188#M342362 cadet alain 2013-10-01T09:43:25Z https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288189#M342365 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P></P><P>No, im not inspecting any traffic. </P><P></P><P>if I use "show conn" command when the acl applied to the interface, it will show the icmp connection on the asa. if I use "clear conn all" command the ping will be droped and will not be able to start a new ping.</P><P></P><P>thanks</P></BODY></HTML> Tue, 01 Oct 2013 10:34:35 GMT https://community.cisco.com/t5/network-security/time-based-acl-issue/m-p/2288189#M342365 CSCO12059485 2013-10-01T10:34:35Z