Solved: Automate clearing of connections for time based ACL.

nwtimberlake75 · ‎07-24-2023

We are using a time based ACL and have run into an issue. While the time based ACL will prevent new connections, it does not break the existing connections. Is there a way to automate clearing of existing connections at the same time the ACL takes effect?

MHM Cisco World · ‎07-24-2023

Yes this exactly what I talking about,
using EEM to clear conn make host build new conn which effect by timebased ACL.
MHM

View solution in original post

MHM Cisco World · ‎07-24-2023

Flexconfig using EEM timer' clear conn.

This only solution I know

tvotna · ‎07-24-2023

This is not possible. ASA EEM doesn't support tcl, hence cannot be programmed to take time-ranges from ACLs and run "clear conn" at specified time.

MHM Cisco World · ‎07-24-2023

Asa support eem but not support all eem feature' but I will consider your point and check in my lab.

nwtimberlake75 · ‎07-24-2023

I am looking at using the following commands from here - ASA Embedded Event Manager Configuration Example - Cisco

event manager applet reset_connections
description "Clear connections to vendor"
event timer absolute time 22:30:00
action 1 cli command "clear conn all address <ip address1>"
action 2 cli command "clear conn all address <ip address2>"

MHM Cisco World · ‎07-24-2023

Yes this exactly what I talking about,
using EEM to clear conn make host build new conn which effect by timebased ACL.
MHM