Solved

Possible bug in 8.0.(3)

Posted on 2009-05-16
Last Modified: 2012-05-07
We did some testing and applied an ACL, in on our inside interface. It was a deny ip any any.
This worked to stop new sessions from going out, but existing sessions were NOT terminated.

They didn't terminate until I went in and did a "clear xlate".

Is this a bug? I seem to remember applying outbound policies before, and it took control right away.

This is a PIX 515E.
Question by:dissolved
2 Comments
 

Accepted Solution

by: JFrederick29 earned 500 total points
I did come across that at one point.  I believe that is normal operation.  Using the clear xlate after applying the access-list would be the correct way to terminate existing connections.  I'm sure it has to do with efficiency.  Once the connection has been established (passed ACL and other checks), the PIX doesn't have to check every packet through the same filters for that connection.
 

Author Comment

by:dissolved
Makes sense, thanks.
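The behaviour described in the accepted answer, as an added example that is not part of the original thread and is not PIX code: a toy stateful firewall in which the ACL is consulted only for the first packet of a flow, so a newly applied deny rule does not touch established flows until the state table is flushed. The class and function names and the sample addresses are constructed for illustration.

```python
# Toy model of a stateful firewall (added illustration, not PIX/ASA code).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    acl: list = field(default_factory=list)   # ordered (action, predicate) rules
    table: set = field(default_factory=set)   # established flows (state table)
    acl_checks: int = 0                       # how often the ACL was evaluated

    def _acl_permits(self, flow):
        self.acl_checks += 1
        for action, match in self.acl:
            if match(flow):
                return action == "permit"
        return False                          # implicit deny at the end of the ACL

    def forward(self, flow):
        if flow in self.table:                # fast path: established, ACL skipped
            return True
        if self._acl_permits(flow):           # slow path: first packet of a new flow
            self.table.add(flow)
            return True
        return False

    def clear_state(self):
        """Flush the state table (the role "clear xlate" plays in the thread)."""
        self.table.clear()

def demo():
    any_ip = lambda flow: True
    fw = StatefulFirewall(acl=[("permit", any_ip)])
    old = Flow("10.0.0.5", "192.0.2.10", 443)   # constructed sample flows
    new = Flow("10.0.0.6", "192.0.2.10", 443)
    results = {"before": fw.forward(old)}       # session established while permitted
    fw.acl = [("deny", any_ip)]                 # now apply "deny ip any any"
    results["existing_after_deny"] = fw.forward(old)   # still in table: passes
    results["new_after_deny"] = fw.forward(new)        # hits the ACL: dropped
    fw.clear_state()
    results["existing_after_clear"] = fw.forward(old)  # re-evaluated: dropped
    results["acl_checks"] = fw.acl_checks
    return results

if __name__ == "__main__":
    print(demo())
```

When rolling out a blocking rule on a stateful device, check the connection table afterwards rather than assuming the rule took effect for sessions that were already open.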
