Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
2
Replies

Traffic does not stop when changing from permit to deny in access-list

cisco
Level 1
Level 1

‎11-19-2010 06:19 AM - edited ‎03-11-2019 12:11 PM

Hi,

I have a question about access-lists on Cisco Asa 5520. If I change the action on an access-list from permit to deny, traffic that belongs to already active connections will still be permitted. Only new connections will be denied. I want that also traffic belonging to active connections will stop immediately when I change the access-list, how can I do this?

Labels:
0 Helpful
2 Replies 2

apothula
Level 1
Level 1

‎11-19-2010 07:02 AM

After making the changes, do a clear conn on the ASA. It will drop all active connections going through the ASA.


That should do it.

Cheers,


Nash.

0 Helpful

cisco
Level 1
Level 1
In response to apothula

‎11-22-2010 11:20 AM

Hi and thanks for your answer!

I could do a clear conn address x.x.x.x but in this case I use a time-range to automatically open up and close the access. When the end of the time-range is reached, new connections will be denied, but I would also like exsisting connections to stop. Now traffic can still be sent through the exsisting connections even if the access-list will stop new connections. Is this possible to configure?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card