dt1649651@yahoo.com 09-17-2007 05:10 PM

ASA 5500: connection is still on after the ACL is modified
 
The answer may be simple but my searches could not show me any
solution.

On my ASA 5510, I have an access-list that has an entry allowing the
remote network to telnet to an internal host (no NAT involved), then
I assign that list to the external interface. All works fine as
expected.

Then I delete that access list entry. After that all *new* connections
cannot get in, but the connection already opened before I deleted that
entry is still there. I am still able to access the internal host through
that connection even though the access list does not allow that operation
any more.

How can I clear that already-opened connection after I change the ACL?

Thanks for your help,

DT


Brian V 09-17-2007 10:16 PM

Re: ASA 5500: connection is still on after the ACL is modified
 

<dt1649651@yahoo.com> wrote in message
news:1190049000.616334.10010@o80g2000hse.googlegroups.com...
> The answer may be simple but my searches could not show me any
> solution.
>
> On my ASA 5510, I have an access-list that has an entry allowing the
> remote network to telnet to an internal host (no NAT involved), then
> I assign that list to the external interface. All works fine as
> expected.
>
> Then I delete that access list entry. After that all *new* connections
> cannot get in, but the connection already opened before I deleted that
> entry is still there. I am still able to access the internal host through
> that connection even though the access list does not allow that operation
> any more.
>
> How can I clear that already-opened connection after I change the ACL?
>
> Thanks for your help,
>
> DT
>


clear xlate... that will clear all the translations and they will rebuild
themselves


dt1649651@yahoo.com 09-18-2007 03:28 PM

Re: ASA 5500: connection is still on after the ACL is modified
 
On Sep 17, 5:16 pm, "Brian V" <diespam...@nospam.com> wrote:
> <dt1649...@yahoo.com> wrote in message
> news:1190049000.616334.10010@o80g2000hse.googlegroups.com...
>
> > The answer may be simple but my searches could not show me any
> > solution.
> >
> > On my ASA 5510, I have an access-list that has an entry allowing the
> > remote network to telnet to an internal host (no NAT involved), then
> > I assign that list to the external interface. All works fine as
> > expected.
> >
> > Then I delete that access list entry. After that all *new* connections
> > cannot get in, but the connection already opened before I deleted that
> > entry is still there. I am still able to access the internal host through
> > that connection even though the access list does not allow that operation
> > any more.
> >
> > How can I clear that already-opened connection after I change the ACL?
> >
> > Thanks for your help,
> >
> > DT
>
> clear xlate... that will clear all the translations and they will rebuild
> themselves


Thanks, Brian, but I think xlate is for the NAT translation table. I
already tried that but the connection is still there. I am still able
to access the server after the ACL has been dropped and clear xlate
has been issued.

DT


