Solved

Traffic through active connections after deny in address-list

Posted on 2010-11-19
1
669 Views
Last Modified: 2012-05-10
I my Cisco ASA I filter incoming traffic by using access-lists. I have noticed that if I change the action on entry in the access-list from permit to deny, traffic still flows through connections that were active when I did the change. It seems that only new connections will be denied. To stop the traffic in active connections I have do run a "clear conn address x.x.x.x".

What I want is that all traffic specified in the access-list is stopped immediately when changing from permit to deny, without having to run the clear conn manually.

Any tips on this?
0
Comment
Question by:thoree
1 Comment
 
LVL 10

Accepted Solution

by:
cstosgale earned 500 total points
ID: 34176177
You won't be able to achieve this as far as I am aware. This is due to the way the ASA handles it's traffic to make it a lot more efficient. You could of course adjust the timeout values on TCP connections for example so the sessions were torn down quicker.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question