10-26-2011 07:01 AM - edited 03-11-2019 02:42 PM
Hello everybody.
I am managing a firewall setup with some ASA 5510's.
One of the rules I have in the ACL list is to allow or deny (By disabling the rule) access to certain subnets.
I have a 3rd party vendor that from time to time need access to specific servers in the infrastructure, but I want to keep a certain level of control when they can access them and especially when they can not.
I know it works fine, I have done several tests to verify when they can connect and when they can not. But, now comes the tricky part: if they are already connected (Remote Desktop) to the system and I disable the rule, they are STILL!!! connected. It seems the firewall does not terminate the active session / connection when I disable the rule allowing them access.
I would VERY much like to be able to also terminate the connection. Is there any way to make that happen?
They come in via a VPN tunnel on the outside firewall. I could kill the tunnel, but I have other connections coming in through the same tunnel, and would like to avoid killing those as well.
I have considered a staging server in between so I can have them log on to that first and kill it there, but it seems a bit much.
Any way of accomplishing this task on the firewall?
Regards,
Bjarke V.
10-27-2011 02:28 AM
Hi
clear xlate clears the whole translation table and "should" be used when doing changes to NAT and ACL rules. However, it is a command that is not always practical to run, e.g. if you have lots of connections through the firewall; then you will break them all and they will have to be re-established.
clear conn clears a specific connection, which sounds more like what you want.
HTH
Good luck
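As an added illustration of the procedure described in this answer (not commands posted by anyone in the thread), the ASA CLI sequence below disables the vendor's permit entry and then drops only the sessions that entry allowed, leaving the rest of the VPN tunnel's traffic alone. The ACL name OUTSIDE_IN, the vendor pool 192.0.2.0/24 and the server 10.1.1.5 are placeholders.

```cisco
! Constructed example; names and addresses are placeholders.
! 1. Normal state: the ACE permitting vendor RDP to the server is active.
access-list OUTSIDE_IN extended permit tcp 192.0.2.0 255.255.255.0 host 10.1.1.5 eq 3389
access-group OUTSIDE_IN in interface outside

! 2. Close the access window. Re-entering the same ACE with the "inactive"
!    keyword disables it but keeps it in the config, so it can be
!    re-enabled later without retyping it.
access-list OUTSIDE_IN extended permit tcp 192.0.2.0 255.255.255.0 host 10.1.1.5 eq 3389 inactive

! 3. The ACL change does not tear down sessions that are already open.
!    List what is still established to the server before clearing anything.
show conn address 10.1.1.5

! 4. Clear only connections from the vendor pool to that server.
!    The first "address" is the source, the second is the destination,
!    so other traffic through the same VPN tunnel is untouched
!    (unlike "clear xlate" or "clear conn all").
clear conn protocol tcp address 192.0.2.0 netmask 255.255.255.0 address 10.1.1.5

! 5. Verify the vendor sessions are gone.
show conn address 10.1.1.5
```

Re-enabling access later is the same access-list line without "inactive"; the clear conn step is what actually ends the live RDP session the original poster saw surviving the rule change.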
10-27-2011 03:14 AM
That did the trick. Clearing the connection to a specific IP works perfectly. Thank you.
10-27-2011 03:48 AM
Thank you for the rating!
Great that it works!
Good luck