Time based ACL issue

CSCO12059485 · ‎09-30-2013

In my office network i have a cisco asa 5510. I configured a time based acl to drop all connections for specific time range. I realize that the acl will only block new connections, and it will continue the connections that are already exist. for example if I do a countinus ping to a pc, it will countinue the icmp traffic flow even after the ACL applied to the interface. I can use "clear conn all" command to drop all connections, but its not practical. please tell me how to drop connections or the interface to a specific time range.

Thank you

cadet alain · ‎10-01-2013

Hi,

from where are you doing this ping ? if it is from the ASA then the ACL will never get hit as ACLs are only for transit traffic on the ASA.

Regards

Alain

Don't forget to rate helpful posts.

CSCO12059485 · ‎10-01-2013

Thank you for your time Dear Alain

Im sending ping from a host that is in the INSIDE network to a pc in OUTSIDE. The Acl is applied to OUTSIDE interface in inbound direction.

cadet alain · ‎10-01-2013

Hi,

are you inspecting ICMP ?

Regards

Alain

Don't forget to rate helpful posts.

CSCO12059485 · ‎10-01-2013

Hi

No, im not inspecting any traffic.

if I use "show conn" command when the acl applied to the interface, it will show the icmp connection on the asa. if I use "clear conn all" command the ping will be droped and will not be able to start a new ping.

thanks