Cisco Support Community
New Member

Traffic does not stop when changing from permit to deny in access-list

Hi,

I have a question about access-lists on a Cisco ASA 5520. If I change the action on an access-list from permit to deny, traffic that belongs to already active connections will still be permitted. Only new connections will be denied. I also want traffic belonging to active connections to stop immediately when I change the access-list. How can I do this?

2 REPLIES
Bronze

Re: Traffic does not stop when changing from permit to deny in a

After making the changes, do a clear conn on the ASA. It will drop all active connections going through the ASA.


That should do it.

Cheers,


Nash.

New Member

Re: Traffic does not stop when changing from permit to deny in a

Hi and thanks for your answer!

I could do a clear conn address x.x.x.x, but in this case I use a time-range to automatically open up and close the access. When the end of the time-range is reached, new connections will be denied, but I would also like existing connections to stop. Now traffic can still be sent through the existing connections even if the access-list will stop new connections. Is this possible to configure?
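
Editor's added example (not part of any post in this thread, and not ASA code): a simplified Python model of the behaviour discussed above, where the access-list is consulted only when a flow is first created and later packets match the connection table until it is cleared. The class and function names are hypothetical and the addresses are constructed documentation-range values.

```python
"""Toy model of stateful filtering with a time-range rule (constructed example)."""
from dataclasses import dataclass, field
from datetime import time


@dataclass
class TimedRule:
    """Permit rule active only inside [start, end), like an ACE with a time-range."""
    dst: str
    port: int
    start: time
    end: time

    def permits(self, dst, port, now):
        return dst == self.dst and port == self.port and self.start <= now < self.end


@dataclass
class Firewall:
    rules: list
    conns: set = field(default_factory=set)  # established flows (src, sport, dst, dport)

    def packet(self, src, sport, dst, dport, now):
        flow = (src, sport, dst, dport)
        if flow in self.conns:              # existing connection: no ACL lookup
            return "permit (existing conn)"
        if any(r.permits(dst, dport, now) for r in self.rules):
            self.conns.add(flow)            # ACL checked once, at flow creation
            return "permit (new conn)"
        return "deny"                       # implicit deny at the end of the list

    def clear_conn_address(self, addr):
        """Model of `clear conn address x.x.x.x`: drop every flow touching addr."""
        before = len(self.conns)
        self.conns = {f for f in self.conns if addr not in (f[0], f[2])}
        return before - len(self.conns)


def demo():
    fw = Firewall([TimedRule("192.0.2.10", 443, time(8, 0), time(17, 0))])
    a = ("198.51.100.7", 40000, "192.0.2.10", 443)
    b = ("198.51.100.8", 40001, "192.0.2.10", 443)
    out = [fw.packet(*a, time(16, 59)),     # inside the window: flow is created
           fw.packet(*a, time(17, 5)),      # window closed: same flow still passes
           fw.packet(*b, time(17, 5))]      # window closed: new flow is denied
    out.append(fw.clear_conn_address("192.0.2.10"))  # flush the connection table
    out.append(fw.packet(*a, time(17, 6)))  # old flow must now pass the ACL again
    return out


if __name__ == "__main__":
    print(demo())
```
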
