Possible bug in 8.0.(3)

We did some testing and applied an ACL, in on our inside interface. It was a deny ip any any
This worked to stop new sessions from going out, but existing sessions were NOT terminated.

They didn't terminate until I went in and did a "clear xlate"

Is this a bug? I seem to remember apply outbound policies before, and it took control right away

This is a pix 515e
dissolvedAsked:
Who is Participating?
 
JFrederick29Connect With a Mentor Commented:
I did come across that at one point.  I believe that is normal operation.  Using the clear xlate after applying the access-list would be the correct way to terminate existing connections.  I'm sure it has to do with efficiency.  Once the connection has been established (passed ACL and other checks), the PIX doesn't have to check every packet through the same filters for that connection.
0
 
dissolvedAuthor Commented:
makes sense, thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.