Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
2
Replies

Access list affect

Go to solution
elliot_adlerson
Level 1
Level 1

‎06-20-2022 12:19 AM - edited ‎06-20-2022 12:21 AM

I have the following concerns regarding access lists on ASA:

We've permitted the computer below to access the file server and from the computer, we've opened a doc file and made some changes.


Computer (192.168.1.10) > ASA > File Server (192.168.2.3)


while the doc file is still open on the computer, on the ASA I've changed the access list to deny but the interesting thing is the computer can still make changes to the document and save it on the file server.

Unless I run "clear conn address 192.168.1.10" then the access list change takes effect and block the traffic.

Why the ASA won't drop the traffic immediately? Is it by design? Is there any official document about this?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎06-20-2022 12:44 AM

@elliot_adlerson yes that is correct and by design.

 

Reference here

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/A-H/asa-command-ref-A-H/clear-a-to-clear-k-commands.html#wp7335946330

 

"When you make security policy changes to the configuration, all new connections use the new security policy. Existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, you need to disconnect the current connections so they can reconnect using the new policy using the clear conn command."

 

 

 

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎06-20-2022 12:44 AM

@elliot_adlerson yes that is correct and by design.

 

Reference here

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/A-H/asa-command-ref-A-H/clear-a-to-clear-k-commands.html#wp7335946330

 

"When you make security policy changes to the configuration, all new connections use the new security policy. Existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, you need to disconnect the current connections so they can reconnect using the new policy using the clear conn command."

 

 

 

 

0 Helpful

Go to solution
elliot_adlerson
Level 1
Level 1
In response to Rob Ingram

‎06-20-2022 01:17 AM

@Rob Ingram 

many thanks for your reply I really appreciate it.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card