After disable of allow rule connection is still active - How to close it ?

BjarkeVangsgard
Beginner

Hello everybody.

I am managing a firewall setup with some ASA 5510's.

One of the rules I have in the ACL list is to allow or deny (By disabling the rule) access to certain subnets.

I have a 3rd party vendor that from time to time need access to specific servers in the infrastructure, but I want to keep a certain level of control when they can access them and especially when they can not.

I know it works fine, I have done several tests to verify when they can connect and when they can not. But, now comes the tricky part: if they are already connected (Remote Desktop) to the system and I disable the rule, they are STILL!!! connected. It seems the firewall does not terminate the active session / connection when I disable the rule allowing them access.

I would VERY much like to be able to also terminate the connection, is there anyway to make that happen ?

They come in via a VPN tunnel on the outside firewall. I could kill the tunnel, but I have other connections coming in through the same tunnel, and would like to avoid killing those as well.

I have considered a staging server in between so I can have them log on to that first and kill it there, but it seems a bit much.

Any way of accomplishing this task on the firewall ?

Regards,

Bjarke V.

1 Accepted Solution

hobbe
Rising star

Hi

clear xlate clears the whole translation table and "should" be used when doing changes to NAT and ACL rules. However, it is a command that is not always practical to run, e.g. if you have lots of connections through the firewall; then you will break them all and they will have to be reestablished.

clear conn clears a specific connection, which sounds more like what you want.

HTH

Good luck
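An added illustration of the sequence described above (not from the original post): disabling the ACL entry only stops new sessions, because traffic matching an existing entry in the connection table is forwarded without a fresh ACL lookup, so the existing entry has to be cleared explicitly. The vendor address 203.0.113.10, the server 10.20.30.40 and the command output shown are constructed for the example.

```cisco
! Assumed values: vendor host 203.0.113.10 has an RDP session to 10.20.30.40.
! 1. Show that the session is still in the connection table even though the
!    ACL entry allowing it has been disabled (constructed output).
ciscoasa# show conn address 203.0.113.10
TCP outside 203.0.113.10:51234 inside 10.20.30.40:3389, idle 0:00:05, bytes 184320, flags UIO

! 2. Tear down only the vendor's connections. Unlike "clear xlate", this
!    leaves every other session through the same VPN tunnel untouched.
ciscoasa# clear conn address 203.0.113.10
1 connection(s) deleted.

!    Narrower form: only TCP sessions from the vendor to that server's RDP port.
ciscoasa# clear conn protocol tcp address 203.0.113.10 address 10.20.30.40 port 3389

! 3. Verify nothing is left; a reconnect attempt now has to pass the ACL
!    again and is denied while the rule stays disabled.
ciscoasa# show conn address 203.0.113.10
0 in use, 0 most used
```

Run the show/clear pair right after disabling the rule; otherwise the existing session keeps working until it times out or the vendor disconnects on their own.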


That did the trick. Clear the connection to a specific IP works perfectly. Thank you.

Thank you for the rating !

Great that it works !

Good luck
