01-14-2005 11:15 AM - edited 02-20-2020 09:26 PM
I'm running version 6.3(3) on my pix.
I've placed a new element into line 1 of the inbound access-list of my pix. This element is supposed to deny snmptrap traffic from a specific host. But, it fails to block the snmptraps coming from the blocked host.
More background:
- The Inbound ACL has over 100 other elements to it
- The Inbound ACL is applied correctly
- All other elements of the ACL work as expected
- Turbo ACL enabled
- No typos in the non-functioning element of the ACL
I'm trying to figure out why these new elements don't take effect immediately. I'm not sure if this has happened before as ACL changes are not normally as critical as this particular one.
Any thoughts would be appreciated.
B
01-14-2005 12:59 PM
Is there a connection already established on the PIX? If so, the new entry will not be applied to the traffic until the connection is removed (either via time-out or manually). Take a look at a 'sh local-host
That's the only thing I can think of unless there is a problem with the Turbo ACLs. I am not aware of any issues, however.
Scott
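The behaviour described in the reply above, as an added example that is not part of the original thread and is not PIX code: a toy stateful firewall in which the ACL is consulted only when a packet creates a new connection entry. The `Firewall` class, the 120-second idle timeout and the host address are assumptions made for the model.

```python
# Toy model of a stateful firewall (not PIX code): the ACL is consulted only
# when a packet creates a new connection entry; packets matching an existing
# entry are forwarded without re-evaluating the ACL.
from dataclasses import dataclass, field

IDLE_TIMEOUT = 120  # seconds; assumed idle timeout for the model

@dataclass
class Firewall:
    acl: list = field(default_factory=list)    # ordered (action, src, dport); first match wins
    conns: dict = field(default_factory=dict)  # (src, dport) -> time last packet seen

    def permits(self, src, dport):
        for action, a_src, a_dport in self.acl:
            if a_src in (src, "any") and a_dport in (dport, "any"):
                return action == "permit"
        return False  # implicit deny at the end of the ACL

    def packet(self, src, dport, now):
        key = (src, dport)
        last = self.conns.get(key)
        if last is not None and now - last <= IDLE_TIMEOUT:
            self.conns[key] = now          # existing entry: refreshed, ACL not consulted
            return "forwarded (existing connection)"
        self.conns.pop(key, None)          # entry absent or idled out
        if self.permits(src, dport):
            self.conns[key] = now
            return "forwarded (new connection)"
        return "dropped by ACL"

    def clear_host(self, src):
        # Manual removal of every connection entry for one source host.
        for key in [k for k in self.conns if k[0] == src]:
            del self.conns[key]

def demo():
    host, trap = "192.0.2.7", 162      # constructed host; 162/udp is snmptrap
    fw = Firewall(acl=[("permit", "any", "any")])
    out = [fw.packet(host, trap, now=0)]            # flow established under old ACL
    fw.acl.insert(0, ("deny", host, trap))          # new deny placed at line 1
    out.append(fw.packet(host, trap, now=60))       # still forwarded
    out.append(fw.packet(host, trap, now=150))      # each trap refreshes the idle timer
    fw.clear_host(host)
    out.append(fw.packet(host, trap, now=160))      # re-evaluated against the ACL
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```

In the model, a host that sends traps more often than the idle timeout never lets its entry expire, so the new deny only applies once the entry is removed.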
01-14-2005 01:38 PM
Yes, there is already a connection established.
PIXPRI(config)# show local-host x.x.x.7
Interface inside: 35 active, 70 maximum active, 0 denied
I would assume that the manual command to clear is clear local-host <>, but that command didn't seem to change anything.
B