?
Solved

Traffic through active connections after deny in address-list

Posted on 2010-11-19
1
Medium Priority
?
673 Views
Last Modified: 2012-05-10
I my Cisco ASA I filter incoming traffic by using access-lists. I have noticed that if I change the action on entry in the access-list from permit to deny, traffic still flows through connections that were active when I did the change. It seems that only new connections will be denied. To stop the traffic in active connections I have do run a "clear conn address x.x.x.x".

What I want is that all traffic specified in the access-list is stopped immediately when changing from permit to deny, without having to run the clear conn manually.

Any tips on this?
0
Comment
Question by:thoree
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 10

Accepted Solution

by:
cstosgale earned 2000 total points
ID: 34176177
You won't be able to achieve this as far as I am aware. This is due to the way the ASA handles it's traffic to make it a lot more efficient. You could of course adjust the timeout values on TCP connections for example so the sessions were torn down quicker.
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month11 days, 15 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question