Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
0
Helpful
2
Replies

clear connection on PIX 7.0

Go to solution
aliver
Level 1
Level 1

‎05-18-2006 01:16 AM - edited ‎02-21-2020 12:54 AM

Good day!

How to clear(reset) specified connection (defined by pair source/port-destionation/port) on PIX 7.04 if nat-control is off and xlate not using?

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Fernando_Meza
Level 7
Level 7

‎05-18-2006 04:04 AM

perhaps you can use the shun command. this will reset the connection but also will block future connections from the source IP matching the ports and protocol specified in the shun ..

"Step 1 If necessary, view information about the connection by entering the following command:

hostname# show conn

The security appliance shows information about each connection, such as the following:

TCP out 64.101.68.161:4300 in 10.86.194.60:23 idle 0:00:00 bytes 1297 flags UIO

Step 2 To shun connections from the source IP address, enter the following command:

hostname(config)# shun src_ip [dst_ip src_port dest_port [protocol]] [vlan vlan_id]

If you enter only the source IP address, then all future connections are shunned; existing connections

remain active.

To drop an existing connection, as well as blocking future connections from the source IP address, enter

the destination IP address, source and destination ports, and the protocol. By default, the protocol is 0 for IP.

Step 3 To remove the shun, enter the following command:

hostname(config)# no shun src_ip [vlan vlan_id] "

I hope it helps ... please rate if it it does !!!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Fernando_Meza
Level 7
Level 7

‎05-18-2006 04:04 AM

perhaps you can use the shun command. this will reset the connection but also will block future connections from the source IP matching the ports and protocol specified in the shun ..

"Step 1 If necessary, view information about the connection by entering the following command:

hostname# show conn

The security appliance shows information about each connection, such as the following:

TCP out 64.101.68.161:4300 in 10.86.194.60:23 idle 0:00:00 bytes 1297 flags UIO

Step 2 To shun connections from the source IP address, enter the following command:

hostname(config)# shun src_ip [dst_ip src_port dest_port [protocol]] [vlan vlan_id]

If you enter only the source IP address, then all future connections are shunned; existing connections

remain active.

To drop an existing connection, as well as blocking future connections from the source IP address, enter

the destination IP address, source and destination ports, and the protocol. By default, the protocol is 0 for IP.

Step 3 To remove the shun, enter the following command:

hostname(config)# no shun src_ip [vlan vlan_id] "

I hope it helps ... please rate if it it does !!!

0 Helpful

Go to solution
aliver
Level 1
Level 1
In response to Fernando_Meza

‎05-18-2006 05:06 AM

Thanks, Fernando!

it's exactly that what I need

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card