10-22-2018 01:13 PM - edited 02-21-2020 08:22 AM
Hi,
I am trying to allow one specific IP to connect to the Internet only in specific time ranges.
Monday to Friday 7:00PM to 8:30PM.
As far as I know, it is not possible to start a new communication outside of this time window. But I expected that if a communication was started within the time range, that communication would be denied starting at 8:30PM, but I found the communication was still available at 8:45PM.
Is there any other option that I should modify to make it work as I expected?
Thank you
10-22-2018 02:05 PM
What is the ASA version here?
But here is a high-level example:
time-range working_hours
 periodic weekdays 19:00 to 20:30
access-list limit extended permit ip host 192.168.1.10 any time-range working_hours
access-list limit extended permit ip any host 192.168.1.10 time-range working_hours
class-map class
 match access-list limit
policy-map outside-policy
 class class
service-policy outside-policy interface outside
Hope this helps you.
10-23-2018 05:00 AM
Hi,
Actually, the ASA runs 9.1.(7)16 and ASDM version 7.7.(1)150.
The ACL is directly applied on the inside interface without using any service policy. It works to some extent, since the connection does not start if it is attempted before the allowed period. But after the communication flow is established, it continues to work after the allowed period. Maybe an important thing to note: most of the communication would be based on UDP packets.
The inside interface has been dedicated to that communication.
Thank you
10-23-2018 06:05 AM
The example I have given is to allow in that time range; you should also have a deny rule to cover.
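
A small model of the behaviour reported in this thread, added as an example and not part of any post: it assumes a stateful firewall that evaluates the interface ACL only for the first packet of a flow and keeps the flow entry alive while packets arrive within an idle timeout (2 minutes assumed for UDP). The destination address, ports and the `clear_conn` helper are constructed for illustration.

```python
from datetime import datetime, timedelta

UDP_IDLE = timedelta(minutes=2)           # assumed UDP idle timeout in this model
HOST = "192.168.1.10"                     # host from the thread's access-list
FLOW = (HOST, 5000, "203.0.113.5", 5000)  # constructed sample UDP flow

def in_time_range(ts):
    """periodic weekdays 19:00 to 20:30 (end minute treated as inclusive in this model)."""
    return ts.weekday() < 5 and (19, 0) <= (ts.hour, ts.minute) <= (20, 30)

def acl_permits(src, ts):
    """permit ip host 192.168.1.10 any time-range working_hours; implicit deny otherwise."""
    return src == HOST and in_time_range(ts)

class StatefulFirewall:
    def __init__(self):
        self.conns = {}  # flow tuple -> time of the last packet seen

    def packet(self, flow, ts):
        """Return True if forwarded; the ACL is consulted only when no live flow entry exists."""
        last = self.conns.get(flow)
        if last is not None and ts - last <= UDP_IDLE:
            self.conns[flow] = ts       # established flow: idle timer refreshed, ACL not re-checked
            return True
        self.conns.pop(flow, None)      # entry missing or idled out
        if acl_permits(flow[0], ts):
            self.conns[flow] = ts       # first packet of a new flow passed the ACL
            return True
        return False

    def clear_conn(self, src):
        """Drop every flow entry for a source so its next packet is checked against the ACL."""
        self.conns = {f: t for f, t in self.conns.items() if f[0] != src}

def replay(fw, flow, start, end, step):
    """Send one packet every `step` from start to end; return the verdict per timestamp."""
    verdicts, ts = {}, start
    while ts <= end:
        verdicts[ts] = fw.packet(flow, ts)
        ts += step
    return verdicts

if __name__ == "__main__":
    monday = datetime(2018, 10, 22)
    fw = StatefulFirewall()
    v = replay(fw, FLOW, monday.replace(hour=20), monday.replace(hour=20, minute=45), timedelta(seconds=30))
    print("forwarded at 20:45:", v[monday.replace(hour=20, minute=45)])
```

On an ASA, the counterpart of `clear_conn` in this model is the `clear conn` command, which removes existing connection entries so that subsequent packets are evaluated against the access list again.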