UC520 - Dropping sessions

Eivind Jonassen
Level 4

Hi,

I'm curious about a strange FW behavior. If I use the following command:

interface FastEthernet0/0
 no ip access-group 108 in

make some adjustments to the ACL, and then enable the access list again with the command:

interface FastEthernet0/0
 ip access-group 108 in

The FW drops any existing TCP sessions. WHY?
My test was that I did an SSH session to a remote server. I used the commands above without making changes to the ACL, but still the SSH session is dropped. If I unplug my network cable and reconnect it within 3 seconds, the session is not dropped (just had to test it).
Could anyone explain why the FW is dropping sessions when disabling and enabling the ACL?
Thanks,
Eivind
Accepted Solutions

Steven DiStefano
VIP Alumni

Just a thought...

I wonder if the application of the ACL on the interface after a TCP connection is established doesn't recognize the start of the session and maybe thinks it's 'half open' and drops it?
