I have been asked to set up timed ACLs to block internet traffic after 22:00. I have set this up and all works fine apart from one issue.
If there is a constant IP flow through the firewall (e.g. MSN), this session remains active and as such traffic is allowed until a clear xlate is issued.
Is there a way to either automatically issue the clear xlate at 22:01 (like event manager on the PIX) or a configuration to ensure the ACL will block established traffic at that time (note the DMZ will still need 24/7 access)?
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)
Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
Config file at boot was "startup-config"
FW1 up 183 days 7 hours
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : address is 0016.47cb.f654, irq 10
1: Ext: Ethernet1 : address is 0016.47cb.f655, irq 11
2: Ext: Ethernet2 : address is 000e.0ca1.5ab2, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
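For reference, the kind of time-range ACL the question describes, written out as an added example and not taken from the poster's own configuration. The interface names, ACL name, time-range name and the 192.168.1.0/24 (inside) and 172.16.1.0/24 (DMZ) networks are assumptions; the DMZ permit sits above the timed deny so that DMZ traffic is never subject to the schedule, and the deny covers 22:00 through 06:59 with two periodic entries because a single entry cannot cross midnight.

```cisco
! Assumed names and addresses; adjust to the real interfaces and networks.
time-range AFTER_HOURS
 periodic daily 22:00 to 23:59
 periodic daily 00:00 to 06:59

! DMZ hosts keep 24/7 access: evaluated before the timed deny.
access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any

! Internet access from the inside network is denied while AFTER_HOURS is active.
access-list inside_access_in extended deny ip 192.168.1.0 255.255.255.0 any time-range AFTER_HOURS
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any

access-group inside_access_in in interface inside
```

The ACL entry only gates new connections; a flow that already has an entry in the connection table at 22:00 keeps matching that existing entry, which is the behaviour the question reports. Confirm which flows survive the cut-off with `show conn` and the active state of the schedule with `show time-range`, and tear down the surviving inside-network connections at 22:01 with `clear conn address 192.168.1.0 netmask 255.255.255.0` (or `clear local-host` for the affected hosts) rather than clearing all xlates; both commands exist on 7.x/8.x software.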