'clear local-host' could be used instead of 'clear xlate' + 'clear conn'. If you are implementing a 'deny' rule, that would be an important step. However, if you are implementing a 'permit' statement, probably you don't have an established connection.
Renato Morais

On Wed, Jan 19, 2011 at 10:31 PM, Leon Lai (gmail) <[email protected]> wrote:

> I tried this long ago in asa7.2. After modified acl, u must clear xlate n
> clear conn to reflect the changes.
>
> Thanks
>
> Leon Lai
>
> Sent from my iPad
>
> On Jan 20, 2011, at 3:34 AM, Bruno <[email protected]> wrote:
>
> I would say so.
> Never tried this out though
>
> On Wed, Jan 19, 2011 at 3:42 PM, Anantha Subramanian Natarajan
> <[email protected]> wrote:
>
>> Hi All,
>>
>> Have a question on how/when the ASA would do an ACL checkup. Please
>> correct me, I am understanding that, if the session is already established on
>> the ASA, the packets belonging to the session would not be checked by the
>> ACL. If this is correct, if we modify the ACL when the session is
>> established, the modified ACL wouldn't impact the established traffic.
>>
>> Kindly let me know. Thanks for the help
>>
>> Regards
>> Anantha Subramanian Natarajan
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
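
A simplified model of the behaviour discussed in this thread, added here as an example and not part of the original messages. It is not ASA code: NAT translations (xlate) are not modelled, and the class, method names and addresses are constructed for illustration.

```python
# Simplified model (not ASA code): the ACL is evaluated only when a flow is
# first seen; later packets of that flow match the connection table instead.
class StatefulFirewall:
    def __init__(self, acl):
        self.acl = list(acl)   # ordered (action, src, dst, dport); first match wins
        self.conns = set()     # established flows as (src, dst, dport)

    def _acl_permits(self, flow):
        for action, *rule in self.acl:
            if all(r in ("any", f) for r, f in zip(rule, flow)):
                return action == "permit"
        return False           # implicit deny at the end of every ACL

    def packet(self, src, dst, dport):
        """Return True if the packet is forwarded."""
        flow = (src, dst, dport)
        if flow in self.conns:             # existing connection: ACL not consulted
            return True
        if self._acl_permits(flow):        # new flow: ACL decides, state is created
            self.conns.add(flow)
            return True
        return False

    def clear_local_host(self, ip):
        """Drop every connection to or from ip (models 'clear local-host')."""
        self.conns = {c for c in self.conns if ip not in (c[0], c[1])}


def demo():
    host, server = "10.0.0.5", "192.0.2.10"          # constructed addresses
    fw = StatefulFirewall([("permit", "any", server, "any")])
    results = {}
    results["before_change"] = fw.packet(host, server, 22)        # conn created
    fw.acl.insert(0, ("deny", host, "any", "any"))                # new deny rule
    results["old_flow_after_deny"] = fw.packet(host, server, 22)  # still forwarded
    results["new_flow_after_deny"] = fw.packet(host, server, 23)  # ACL hit: denied
    fw.clear_local_host(host)
    results["old_flow_after_clear"] = fw.packet(host, server, 22)
    # Permit case: a flow that was denied has no state, so a new permit rule
    # applies to its next packet without clearing anything.
    fw.acl.insert(0, ("permit", host, server, 443))
    results["new_permit"] = fw.packet(host, server, 443)
    return results


if __name__ == "__main__":
    for step, forwarded in demo().items():
        print(f"{step}: {'forwarded' if forwarded else 'dropped'}")
```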
