ASA 5500: connection is still on after the ACL is modified

Discussion in 'Cisco' started by dt1649651@yahoo.com, Sep 17, 2007.

  1. Guest

    The answer may be simple, but my searches could not show me any
    solution.

    On my ASA 5510, I have an access-list that has an entry allowing the
    remote network to telnet to an internal host (no NAT involved), then
    I assign that list to the external interface. All works fine as
    expected.

    Then I delete that access-list entry. After that, all *new* connections
    cannot get in, but the connection already opened before I deleted that
    entry is still there. I am still able to access the internal host through
    that connection even though the access list does not allow that operation any
    more.

    How can I clear that already-opened connection after I change the ACL?

    Thanks for your help,

    DT
     
    , Sep 17, 2007
    #1

  2. Brian V Guest

    <> wrote in message
    news:...
    > The answer may be simple, but my searches could not show me any
    > solution.
    >
    > On my ASA 5510, I have an access-list that has an entry allowing the
    > remote network to telnet to an internal host (no NAT involved), then
    > I assign that list to the external interface. All works fine as
    > expected.
    >
    > Then I delete that access-list entry. After that, all *new* connections
    > cannot get in, but the connection already opened before I deleted that
    > entry is still there. I am still able to access the internal host through
    > that connection even though the access list does not allow that operation any
    > more.
    >
    > How can I clear that already-opened connection after I change the ACL?
    >
    > Thanks for your help,
    >
    > DT
    >


    clear xlate... that will clear all the translations, and they will rebuild
    themselves
     
    Brian V, Sep 17, 2007
    #2

  3. Guest

    On Sep 17, 5:16 pm, "Brian V" <> wrote:
    > <> wrote in message
    > news:...
    > > The answer may be simple, but my searches could not show me any
    > > solution.
    > >
    > > On my ASA 5510, I have an access-list that has an entry allowing the
    > > remote network to telnet to an internal host (no NAT involved), then
    > > I assign that list to the external interface. All works fine as
    > > expected.
    > >
    > > Then I delete that access-list entry. After that, all *new* connections
    > > cannot get in, but the connection already opened before I deleted that
    > > entry is still there. I am still able to access the internal host through
    > > that connection even though the access list does not allow that operation any
    > > more.
    > >
    > > How can I clear that already-opened connection after I change the ACL?
    > >
    > > Thanks for your help,
    > >
    > > DT
    >
    > clear xlate... that will clear all the translations, and they will rebuild
    > themselves


    Thanks, Brian, but I think xlate is for the NAT translation table. I
    already tried that, but the connection is still there. I am still able
    to access the server after the ACL entry has been dropped and clear xlate
    has been issued.

    DT
     
    , Sep 18, 2007
    #3

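The behaviour DT describes is the normal stateful-inspection model: the interface ACL is consulted only when a packet would create a new entry in the connection table, and packets that match an existing entry are forwarded without the ACL being re-read. Deleting the ACE therefore stops new telnet sessions but leaves the established one alive, and `clear xlate` does nothing here because with no NAT there are no translation entries to remove. On the ASA the connection table is inspected with `show conn` and entries are torn down with `clear conn` (for example `clear conn address 10.1.1.5 port 23` for one host and port, or `clear conn all`); once the entry is gone, the next packet from the remote host has no flow to match and must pass the ACL again, where it is now denied. The following Python model (an added illustration, not Cisco code or anything from the original thread; the addresses 198.51.100.0/24 and 10.1.1.5 are assumed) reproduces that sequence, including why `clear xlate` has no effect and `clear conn` does:

```python
"""Toy model of how a stateful firewall such as the ASA handles an ACL change.

Constructed illustration, not Cisco code. The interface ACL is consulted only
when a packet would *create* a flow; a packet that matches an existing
connection-table entry is forwarded without the ACL being re-read. That is
why deleting the ACE blocks new telnet sessions but leaves the open one
alive, and why clearing the NAT table (`clear xlate`) changes nothing when
no NAT is involved.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip" (any protocol)
    src_net: str          # CIDR, or "any"
    dst_host: str         # host address, or "any"
    dport: Optional[int]  # None means any destination port

    def matches(self, f: Flow) -> bool:
        if self.proto != "ip" and self.proto != f.proto:
            return False
        if self.src_net != "any" and \
                ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_host != "any" and self.dst_host != f.dst:
            return False
        return self.dport is None or self.dport == f.dport


class Firewall:
    def __init__(self, acl: Iterable[Ace]):
        self.acl = list(acl)
        self.conns: Set[Flow] = set()     # connection table ("show conn")
        self.xlates: Dict[str, str] = {}  # NAT table ("show xlate"); stays empty, no NAT here

    def acl_permits(self, f: Flow) -> bool:
        for ace in self.acl:              # first matching entry wins
            if ace.matches(f):
                return ace.action == "permit"
        return False                      # implicit deny at the end of the list

    def packet(self, f: Flow, syn: bool = False) -> bool:
        """Return True if the packet is forwarded."""
        if f in self.conns:               # fast path: established flow, ACL not consulted
            return True
        if not syn:                       # mid-stream packet with no conn entry is dropped
            return False
        if self.acl_permits(f):           # slow path: ACL decides whether a conn is built
            self.conns.add(f)
            return True
        return False

    def remove_ace(self, ace: Ace) -> None:
        self.acl.remove(ace)              # the connection table is not touched

    def clear_xlate(self) -> None:
        self.xlates.clear()               # NAT entries only; conns untouched

    def clear_conn(self, address: Optional[str] = None, port: Optional[int] = None) -> int:
        """Drop conn entries matching the host/port on either side; return how many."""
        victims = {
            f for f in self.conns
            if (address is None or address in (f.src, f.dst))
            and (port is None or port in (f.sport, f.dport))
        }
        self.conns -= victims
        return len(victims)


def demo() -> Dict[str, bool]:
    # Assumed addresses: remote network 198.51.100.0/24, internal telnet host 10.1.1.5.
    permit_telnet = Ace("permit", "tcp", "198.51.100.0/24", "10.1.1.5", 23)
    fw = Firewall([permit_telnet])
    old = Flow("tcp", "198.51.100.7", 40000, "10.1.1.5", 23)
    new = Flow("tcp", "198.51.100.7", 40001, "10.1.1.5", 23)
    r: Dict[str, bool] = {}
    r["old_session_opens"] = fw.packet(old, syn=True)         # ACE present: conn built
    fw.remove_ace(permit_telnet)
    r["new_session_blocked"] = not fw.packet(new, syn=True)   # implicit deny now applies
    r["old_session_survives"] = fw.packet(old)                # conn entry bypasses the ACL
    fw.clear_xlate()
    r["survives_clear_xlate"] = fw.packet(old)                # no NAT: nothing was cleared
    r["cleared_by_clear_conn"] = fw.clear_conn(address="10.1.1.5", port=23) == 1
    r["old_session_gone"] = not fw.packet(old)                # no flow, and ACL now denies
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The model deliberately omits TCP state tracking, timeouts and the ASA's sequence-number checks; the only point it makes is that the ACL lookup and the connection-table lookup are separate steps, and only the second one applies to an established flow.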