Cisco Support Community
Community Member

Downloadable ACL Timeout settings?

I have two questions regarding Downloadable ACLs as it relates to PIX 515 E and ACS 3.0.2:

1. How long after the user disconnects do the temporary ACLs created by downloadable ACLs remain on the PIX and stay visible through "show access-list" (i.e., access-list #ACSACL#-PIX-acs_ten_acl-3b5385f7 permit ip any any)? I've seen them still there even an hour after the user has closed its session.

2. Also, I've noticed that a user who is authenticated and gets access to a web server via downloadable ACLs can still go back to the web site even a few minutes after closing all web browsers. How is this interval adjustable?

Thanks in advance.

1 REPLY
Community Member

Re: Downloadable ACL Timeout settings?

When you do a clear xlate, not all translations are dropped; try using clear local host. This could be the reason why, even after you disable an ACL, some connections are able to work.
