
Traffic does not stop when changing from permit to deny in access-list

cisco
Level 1

Hi,

I have a question about access-lists on the Cisco ASA 5520. If I change the action on an access-list from permit to deny, traffic that belongs to already active connections will still be permitted. Only new connections will be denied. I also want traffic belonging to active connections to stop immediately when I change the access-list. How can I do this?

2 Replies

apothula
Level 1

After making the changes, do a clear conn on the ASA. It will drop all active connections going through the ASA.


That should do it.

Cheers,


Nash.

Hi and thanks for your answer!

I could do a clear conn address x.x.x.x but in this case I use a time-range to automatically open up and close the access. When the end of the time-range is reached, new connections will be denied, but I would also like existing connections to stop. Now traffic can still be sent through the existing connections even if the access-list will stop new connections. Is this possible to configure?
