<div>
<div class="content wysiwyg-content">
I my Cisco ASA I filter incoming traffic by using access-lists. I have noticed that if I change the action on entry in the access-list from permit to deny, traffic still flows through connections that were active when I did the change. It seems that only new connections will be denied. To stop the traffic in active connections I have do run a &quot;clear conn address x.x.x.x&quot;.<br />
<br />
What I want is that all traffic specified in the access-list is stopped immediately when changing from permit to deny, without having to run the clear conn manually. <br />
<br />
Any tips on this?
</div>
</div>


I my Cisco ASA I filter incoming traffic by using access-lists. I have noticed that if I change the action on entry in the access-list from permit to deny, traffic still flows through connections that were active when I did the change. It seems that only new connections will be denied. To stop the traffic in active connections I have do run a "clear conn address x.x.x.x".

What I want is that all traffic specified in the access-list is stopped immediately when changing from permit to deny, without having to run the clear conn manually. 

Any tips on this?

Traffic through active connections after deny in address-list

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.