
The deny access-list didn't block all the internet traffic

mahmoud.yasin
Level 1

Hello

I have an ASA 5520, and I created an access-list (deny ip any any) and applied it to the inside interface (access-group in interface inside).

But the surprise was that not all the internet traffic was blocked, like Skype and messengers!

Is there a missing part?

1 Reply

Jennifer Halim
Cisco Employee

Do you just have 1 ACL line that says deny ip any any, or do you have other access-lists that might have permitted the Skype or messenger traffic?

If there is existing Skype or messenger traffic, it will not be blocked when you just apply the deny ip any any until you clear the connection.

"clear xlate" will clear all existing translations and connections. Please try to see if Skype and messenger still work after clearing the xlate.
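
Why the established sessions survived, as an added example that is not part of the original thread: a simplified Python model (not ASA code) in which the ACL is consulted only for flows that have no connection-table entry. The class, method names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    """Toy model (assumption, not ASA code): the interface ACL is consulted
    only when a flow has no entry in the connection table."""
    acl: list = field(default_factory=list)  # ordered (action, predicate) rules
    conns: set = field(default_factory=set)  # established flows

    def _acl_permits(self, flow):
        for action, matches in self.acl:
            if matches(flow):
                return action == "permit"
        return False  # implicit deny at the end of the ACL

    def forward(self, flow):
        if flow in self.conns:       # existing connection: ACL is not re-evaluated
            return "pass (existing connection)"
        if self._acl_permits(flow):  # first packet of a new flow: ACL decides
            self.conns.add(flow)
            return "pass (new connection)"
        return "drop (ACL)"

    def clear_connections(self):
        """Stands in for the effect of 'clear xlate' described in the reply."""
        self.conns.clear()


def demo():
    any_ip = lambda flow: True
    fw = StatefulFirewall(acl=[("permit", any_ip)])
    # Constructed sample flows using documentation address ranges.
    chat = Flow("192.0.2.10", "198.51.100.7", 443)
    web = Flow("192.0.2.10", "203.0.113.5", 80)
    results = [fw.forward(chat)]      # chat session starts before the change
    fw.acl = [("deny", any_ip)]       # deny ip any any applied on the inside interface
    results.append(fw.forward(chat))  # still passes: entry in the connection table
    results.append(fw.forward(web))   # new flow: dropped by the ACL
    fw.clear_connections()
    results.append(fw.forward(chat))  # re-checked against the ACL: dropped
    return results
```
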
