Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
2
Replies

Cisco ASA Packet Flow Information

ashish_in_network
Level 1
Level 1

‎02-14-2017 08:33 AM - edited ‎03-12-2019 01:56 AM

Hello,

I have a firewall rule( ACL) that allows connection between source 1.1.1.1 and destination 2.2.2.2 on any port.

access-list outbound extended permit ip host 1.1.1.1 host 2.2.2.2

Question:

If I remove above rule and add it back again(~after 1 min), will the above connection still works? In other words, How long will the above connection work after I remove acl?

Really appreciate your response.

Thanks,

Ashish

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-14-2017 12:58 PM

I think it will stop working immediately.

0 Helpful

Antoine Leblond
Level 1
Level 1

‎02-26-2017 07:02 AM

As far as I know, if it's a TCP connection, current established connections will remain up until they end or timeout, removing the acl will not kill them.

You will have to "clear conn" them to forcibly shut them out, then they will be denied until you re-add the acl.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card