Thanks Renato Morais Regards Anantha Subramanian Natarajan
On Mon, Jan 24, 2011 at 10:24 PM, Renato Morais <[email protected]>wrote: > 'clear local-host' could be used instead of 'clear xlate' + 'clear conn'. > If you are implementing a 'deny' rule, that would be an important step. > However, if you are implementing a 'permit' statement, probably you don't > have an established connection. > > > Renato Morais > > > > On Wed, Jan 19, 2011 at 10:31 PM, Leon Lai (gmail) <[email protected]>wrote: > >> I tried this login ago in asa7.2. After modified acl, u must clear xlate n >> clear conn to reflect the changes. >> >> Thanks >> >> Leon Lai >> >> Sent from my iPad >> >> On Jan 20, 2011, at 3:34 AM, Bruno <[email protected]> wrote: >> >> I would say so. >> Never tried this out though >> >> On Wed, Jan 19, 2011 at 3:42 PM, Anantha Subramanian Natarajan >> <<[email protected]> >> [email protected]> wrote: >> >>> Hi All, >>> >>> Have a question on ,how/when the ASA would do a ACL checkup.Please >>> correct me,I am understanding that,if the session is already established on >>> the ASA,the packets belonging to the session would not be checked by the >>> ACL.If this is correct,if we modify the ACL when the session is >>> established,the modified ACL wouldn't impact the established traffic. >>> >>> Kindly let me know.Thanks for the help >>> >>> Regards >>> Anantha Subramanian Natarajan >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit <http://www.ipexpert.com>www.ipexpert.com >>> >>> >> >> >> -- >> Bruno Fagioli (by Jaunty Jackalope) >> Cisco Security Professional >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit <http://www.ipexpert.com>www.ipexpert.com >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
