11-19-2010 06:19 AM - edited 03-11-2019 12:11 PM
Hi,
I have a question about access-lists on a Cisco ASA 5520. If I change the action on an access-list from permit to deny, traffic that belongs to already active connections will still be permitted. Only new connections will be denied. I also want the traffic belonging to active connections to stop immediately when I change the access-list; how can I do this?
11-19-2010 07:02 AM
After making the changes, do a clear conn on the ASA. It will drop all active connections going through the ASA.
That should do it.
Cheers,
Nash.
11-22-2010 11:20 AM
Hi and thanks for your answer!
I could do a clear conn address x.x.x.x, but in this case I use a time-range to automatically open up and close the access. When the end of the time-range is reached, new connections will be denied, but I would also like existing connections to stop. Now traffic can still be sent through the existing connections even if the access-list will stop new connections. Is this possible to configure?
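As an added illustration (not configuration posted by either participant), the following ASA CLI fragment shows the situation described in the thread: a time-range-controlled permit entry, followed by the clear conn command from the first reply to tear down the connections that survive the end of the window. The interface name, ACL name, time-range name and host 192.0.2.10 are constructed values. The scheduled applet at the end is an assumption for ASA 9.2(1) and later, where the Embedded Event Manager exists; it was not available on the 8.x code in use when this thread was written.

```cisco
! Added example, not from the thread. Constructed values: interface "outside",
! ACL OUTSIDE_IN, time range BUSINESS_HOURS, protected host 192.0.2.10.
time-range BUSINESS_HOURS
 periodic weekdays 08:00 to 17:00
!
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443 time-range BUSINESS_HOURS
access-list OUTSIDE_IN extended deny ip any any
access-group OUTSIDE_IN in interface outside
!
! After 17:00 the permit entry is inactive: new connections hit the deny,
! but connections already in the state table keep passing traffic.
! Check what is still open, then drop it (the command from the first reply):
show conn address 192.0.2.10
clear conn address 192.0.2.10
!
! Assumption: on ASA 9.2(1)+ the Embedded Event Manager can run that
! command on a timer so the teardown coincides with the end of the window.
event manager applet CLEAR_AFTER_HOURS
 event timer absolute time 17:00:00
 action 1 cli command "clear conn address 192.0.2.10"
```

Note that clear conn address drops every connection involving that host, not only the ones the ACL entry permitted; the command also accepts protocol and port keywords to narrow the scope if other traffic to the host must survive. Verify the result with show conn after the clear, and expect the applet to run only on firmware that actually supports EEM.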