Solved

Possible bug in 8.0.(3)

Posted on 2009-05-16
2
302 Views
Last Modified: 2012-05-07
We did some testing and applied an ACL, in on our inside interface. It was a deny ip any any
This worked to stop new sessions from going out, but existing sessions were NOT terminated.

They didn't terminate until I went in and did a "clear xlate"

Is this a bug? I seem to remember apply outbound policies before, and it took control right away

This is a pix 515e
0
Comment
Question by:dissolved
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24411149
I did come across that at one point.  I believe that is normal operation.  Using the clear xlate after applying the access-list would be the correct way to terminate existing connections.  I'm sure it has to do with efficiency.  Once the connection has been established (passed ACL and other checks), the PIX doesn't have to check every packet through the same filters for that connection.
0
 

Author Comment

by:dissolved
ID: 24411522
makes sense, thanks
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question