ASA 5500: connection is still on after the ACL is modified

 
 
dt1649651@yahoo.com
      09-17-2007
The answer may be simple, but my searches could not show me any
solution.

On my ASA 5510, I have an access list that has an entry allowing the
remote network to telnet to an internal host (no NAT involved), then
I assign that list to the external interface. All works fine as
expected.

Then I delete that access-list entry. After that, all *new* connections
cannot get in, but the connection already opened before I deleted that
entry is still there. I am still able to access the internal host through
that connection even though the access list does not allow that operation
any more.

How can I clear that already-opened connection after I change the ACL?

Thanks for your help,

DT

 
Brian V
      09-17-2007

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> The answer may be simple, but my searches could not show me any
> solution.
>
> On my ASA 5510, I have an access list that has an entry allowing the
> remote network to telnet to an internal host (no NAT involved), then
> I assign that list to the external interface. All works fine as
> expected.
>
> Then I delete that access-list entry. After that, all *new* connections
> cannot get in, but the connection already opened before I deleted that
> entry is still there. I am still able to access the internal host through
> that connection even though the access list does not allow that operation
> any more.
>
> How can I clear that already-opened connection after I change the ACL?
>
> Thanks for your help,
>
> DT
>


clear xlate... that will clear all the translations, and they will rebuild
themselves.

 
dt1649651@yahoo.com
      09-18-2007
On Sep 17, 5:16 pm, "Brian V" <(E-Mail Removed)> wrote:
>
> clear xlate... that will clear all the translations, and they will rebuild
> themselves.


Thanks, Brian, but I think xlate is for the NAT translation table. I
already tried that, but the connection is still there. I am still able
to access the server after the ACL has been dropped and clear xlate
has been issued.

DT
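The thread stops without a resolution, so here is the mechanism and a helper. The ASA consults the interface ACL only when it creates a new entry in its connection table; later packets of an established flow are matched against that table and forwarded without the ACL being looked at again, so editing the ACL leaves every existing session alive until it times out or is cleared. `clear xlate` tears down NAT translations (and the connections tied to them), which is why it did nothing here with no NAT in play. The table to clear is the conn table: `show conn` lists it, `clear local-host <ip>` drops every flow for one host, and `clear conn`, on releases that have it, can target a single flow. The script below is an added example, not code from the thread or from Cisco: it parses pasted `show conn` output, picks out the flows the deleted ACE used to permit, and prints the clear commands. The `show conn` line format, the `clear conn` keyword layout, the sample output and the assumed ACE `access-list outside_in extended permit tcp 203.0.113.0 255.255.255.0 host 10.1.1.10 eq telnet` are all assumptions; check them against your own unit and its command reference.

```python
"""Find live ASA connections a removed ACE no longer permits; emit tear-down commands.

Added example for this thread, not the poster's or Cisco's code.  Assumed (check
on your own unit): `show conn` lines look like the 8.x form
"TCP outside 203.0.113.7:41022 inside 10.1.1.10:23, idle 0:00:04, ..." and the
tear-down syntax is `clear conn ...` / `clear local-host <ip>`; confirm the exact
keywords in the command reference for your release.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

CONN_RE = re.compile(   # proto iface ip:port iface ip:port ... (idle/bytes/flags ignored)
    r"^(?P<proto>TCP|UDP)\s+(?P<if1>\S+)\s+(?P<ip1>[\d.]+):(?P<port1>\d+)\s+"
    r"(?P<if2>\S+)\s+(?P<ip2>[\d.]+):(?P<port2>\d+)"
)

@dataclass(frozen=True)
class Endpoint:
    iface: str
    ip: ipaddress.IPv4Address
    port: int

@dataclass(frozen=True)
class Conn:
    proto: str                          # "tcp" or "udp"
    ends: Tuple[Endpoint, Endpoint]     # in the order the ASA printed them

    def oriented(self, iface: str) -> Optional[Tuple[Endpoint, Endpoint]]:
        """(endpoint on `iface`, the other endpoint), or None if neither is on it."""
        a, b = self.ends
        if a.iface == iface:
            return a, b
        if b.iface == iface:
            return b, a
        return None

@dataclass(frozen=True)
class Ace:
    iface: str                          # interface the ACL is applied to, inbound
    proto: str
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    dport: Optional[int] = None         # None means any destination port

def parse_show_conn(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue                    # headers, counters, anything unparseable
        e1 = Endpoint(m["if1"], ipaddress.IPv4Address(m["ip1"]), int(m["port1"]))
        e2 = Endpoint(m["if2"], ipaddress.IPv4Address(m["ip2"]), int(m["port2"]))
        conns.append(Conn(m["proto"].lower(), (e1, e2)))
    return conns

def orphaned_by(ace: Ace, conns: List[Conn]) -> List[Conn]:
    """Flows the removed ACE would have matched.  Only that ACE is modelled: if
    another ACE still permits a flow, take it out of the list before clearing."""
    hits = []
    for c in conns:
        pair = c.oriented(ace.iface)
        if c.proto != ace.proto or pair is None:
            continue
        src, dst = pair                 # src sits on the ACL interface, dst behind it
        if (src.ip in ace.src_net and dst.ip in ace.dst_net
                and (ace.dport is None or dst.port == ace.dport)):
            hits.append(c)
    return hits

def clear_conn_commands(ace: Ace, conns: List[Conn]) -> List[str]:
    """Surgical: one `clear conn` per orphaned flow (keyword layout is assumed)."""
    cmds = []
    for c in orphaned_by(ace, conns):
        src, dst = c.oriented(ace.iface)
        cmds.append(f"clear conn protocol {c.proto} address {src.ip} port {src.port} "
                    f"foreign {dst.ip} fport {dst.port}")
    return cmds

def clear_local_host_commands(ace: Ace, conns: List[Conn]) -> List[str]:
    """Blunt: drops every flow of each affected inside host, allowed ones included."""
    hosts = {str(c.oriented(ace.iface)[1].ip) for c in orphaned_by(ace, conns)}
    return [f"clear local-host {h}" for h in sorted(hosts)]

# Constructed sample in the assumed format, not real device output.
SAMPLE_SHOW_CONN = """\
TCP outside 203.0.113.7:41022 inside 10.1.1.10:23, idle 0:00:04, bytes 512, flags UIO
TCP outside 203.0.113.9:52100 inside 10.1.1.10:22, idle 0:01:10, bytes 9040, flags UIO
TCP outside 198.51.100.4:40001 inside 10.1.1.10:23, idle 0:00:30, bytes 200, flags UIO
UDP outside 203.0.113.7:5000 inside 10.1.1.10:23, idle 0:00:02, bytes 80, flags -
TCP inside 10.1.1.20:33000 outside 203.0.113.50:80, idle 0:00:01, bytes 1200, flags UIO
"""

# Assumed form of the deleted ACE: permit tcp 203.0.113.0/24 -> host 10.1.1.10 eq telnet
REMOVED_ACE = Ace("outside", "tcp", ipaddress.IPv4Network("203.0.113.0/24"),
                  ipaddress.IPv4Network("10.1.1.10/32"), 23)

if __name__ == "__main__":
    for cmd in clear_conn_commands(REMOVED_ACE, parse_show_conn(SAMPLE_SHOW_CONN)):
        print(cmd)
```

Paste your real `show conn` output in place of the sample, review the list before typing it back into the ASA, and keep in mind that the matcher models only the deleted ACE: a flow that another ACE still permits will be listed too. Running the file prints one `clear conn` line per orphaned flow; `clear_local_host_commands` gives the blunt alternative, which also kills the SSH session to the same host in the sample.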

 