Solved

Traffic through active connections after deny in address-list

Posted on 2010-11-19
1
666 Views
Last Modified: 2012-05-10
I my Cisco ASA I filter incoming traffic by using access-lists. I have noticed that if I change the action on entry in the access-list from permit to deny, traffic still flows through connections that were active when I did the change. It seems that only new connections will be denied. To stop the traffic in active connections I have do run a "clear conn address x.x.x.x".

What I want is that all traffic specified in the access-list is stopped immediately when changing from permit to deny, without having to run the clear conn manually.

Any tips on this?
0
Comment
Question by:thoree
1 Comment
 
LVL 10

Accepted Solution

by:
cstosgale earned 500 total points
ID: 34176177
You won't be able to achieve this as far as I am aware. This is due to the way the ASA handles it's traffic to make it a lot more efficient. You could of course adjust the timeout values on TCP connections for example so the sessions were torn down quicker.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now