Firewall Wizards mailing list archives
Re: PIX: immediately applying access rules to established connections
From: "Julian M D" <julianmd () gmail com>
Date: Thu, 15 Jun 2006 15:00:29 -0400
Strange.

Usage Guidelines

The clear xlate command clears the contents of the translation slots ("xlate" refers to the translation slot). Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing the aaa-server, access-list, alias, global, nat, route, or static commands in your configuration.

An xlate describes a NAT or PAT session. These sessions can be viewed with the show xlate command with the detail option. There are two types of xlates: static and dynamic.

A static xlate is a persistent xlate that is created using the static command. Static xlates can only be removed by removing the static command from the configuration; the clear xlate does not remove the static translation rule. If you remove a static command from the configuration, preexisting connections that use the static rule can still forward traffic. Use the clear local-host to deactivate these connections.

A dynamic xlate is an xlate that is created on demand with traffic processing (through the nat or global command). The clear xlate removes dynamic xlates and their associated connections. You can also use the clear local-host command to clear the xlate and associated connections. If you remove a nat or a global command from the configuration, the dynamic xlate and associated connections may remain active. Use the clear xlate or the clear local-host command to remove these connections.

Examples

The following example shows how to clear the current translation and connection slot information:

hostname# clear xlate global

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c3_711.htm#wp2034746

On 6/15/06, Vahid Pazirandeh <vpaziran () yahoo com> wrote:
> --- Julian M D <julianmd () gmail com> wrote:
>
>> clear xlate - it will close down all current connections - beware
>
> Actually I had tried typing "clear xlate" and that didn't help. Hrm...
>
> -Vahid
>
>> On 6/15/06, Vahid Pazirandeh <vpaziran () yahoo com> wrote:
>>
>>> Hi all,
>>>
>>> I noticed that after I made some changes to my access-lists with a PIX 7.1(2), the rules only applied to new connections being made. The connections that were already established (like tcp sessions) were unfortunately not affected.
>>>
>>> How can I affect all currently established connections with my new access-list rules? Is there a "clear" command that'll do the trick?
>>>
>>> Thanks for reading. :-)
>>>
>>> -Vahid
>>>
>>> =============================================
>>> "Make it better before you make it faster."
>>> =============================================
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
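An added example, not part of the original thread or of Cisco's documentation: after tightening an access-list, this script checks a saved connection table for established sessions that a new deny rule would now block and prints one clear local-host command per affected inside host, so only those hosts are reset instead of every connection. The show conn line layout, the addresses and the NEW_DENIES rule are constructed assumptions, and it treats the "out" endpoint as the destination of an inside-initiated connection.

```python
import ipaddress
import re

# Constructed sample in the classic PIX "show conn" layout (assumed format).
SAMPLE_SHOW_CONN = """\
3 in use, 7 most used
TCP out 198.51.100.20:22 in 10.1.1.15:1026 idle 0:00:22 Bytes 1774 flags UIO
TCP out 203.0.113.9:443 in 10.1.1.40:3311 idle 0:01:05 Bytes 90211 flags UIO
UDP out 198.51.100.53:53 in 10.1.1.15:1028 idle 0:00:14 flags D
"""

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) ")

# Hypothetical newly added deny rules: (protocol, inside source net, outside port).
NEW_DENIES = [("TCP", ipaddress.ip_network("10.1.1.0/24"), 22)]


def parse_conns(text):
    """Yield one dict per connection line; the summary line and others are skipped."""
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            yield {"proto": m["proto"],
                   "in_ip": ipaddress.ip_address(m["in_ip"]),
                   "out_ip": m["out_ip"],
                   "out_port": int(m["out_port"])}


def stale_conns(text, denies):
    """Return established connections that a new deny rule would now block."""
    return [c for c in parse_conns(text)
            if any(c["proto"] == p and c["in_ip"] in net and c["out_port"] == port
                   for p, net, port in denies)]


def cleanup_commands(stale):
    """One 'clear local-host <ip>' per affected inside host, de-duplicated and sorted."""
    hosts = sorted({c["in_ip"] for c in stale})
    return [f"clear local-host {h}" for h in hosts]


if __name__ == "__main__":
    for cmd in cleanup_commands(stale_conns(SAMPLE_SHOW_CONN, NEW_DENIES)):
        print(cmd)
```
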