Hi Charles.
On PIX/ASA code 7.2(4) TCP sessions through the unit do not get dropped
after time-based ACL entry kicks in. Have just tested that for you.
In IOS they do get dropped.
HTH,
A.
Charles.Henson_at_regions.com wrote:
> All,
> In a time based ACL applied to an ASA, if the ACL "expires" at 0800,
> does that mean that existing connections will be allowed to continue and no
> new sessions as of 0800 or will all connections functioning at 0759 be
> dropped (tcp session timeout) at 0800? On a router I think it's the latter,
> on an ASA I think it's the latter but I'm a little confused on this and
> can't test it anywhere. Anyone?
>
> Charles
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jul 24 2009 - 22:52:25 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART