Solved

Possible bug in 8.0.(3)

Posted on 2009-05-16
2
309 Views
Last Modified: 2012-05-07
We did some testing and applied an ACL, in on our inside interface. It was a deny ip any any
This worked to stop new sessions from going out, but existing sessions were NOT terminated.

They didn't terminate until I went in and did a "clear xlate"

Is this a bug? I seem to remember apply outbound policies before, and it took control right away

This is a pix 515e
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24411149
I did come across that at one point.  I believe that is normal operation.  Using the clear xlate after applying the access-list would be the correct way to terminate existing connections.  I'm sure it has to do with efficiency.  Once the connection has been established (passed ACL and other checks), the PIX doesn't have to check every packet through the same filters for that connection.
0
 

Author Comment

by:dissolved
ID: 24411522
makes sense, thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 3650 switch licensing 6 77
cisco asa proxy arp 2 47
CTIOS error on Windows 10 3 62
types of VPN 2 56
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question