Re: OT - ASA time based ACL state?

From: <Charles.Henson_at_regions.com>
Date: Fri, 24 Jul 2009 08:57:38 -0500

Thanks Alexei! That's what I wanted to hear.

Charles

                                                                                                                                 
  From: Alexei Monastyrnyi <alexeim73_at_gmail.com>
  To: Charles.Henson_at_regions.com
  Cc: ccielab_at_groupstudy.com
  Date: 07/24/2009 07:52
  Subject: Re: OT - ASA time based ACL state?

Hi Charles.

On PIX/ASA code 7.2(4), TCP sessions through the unit do not get dropped
after a time-based ACL entry kicks in. Have just tested that for you.

In IOS they do get dropped.

HTH,
A.

Charles.Henson_at_regions.com wrote:
> All,
> In a time based ACL applied to an ASA, if the ACL "expires" at 0800,
> does that mean that existing connections will be allowed to continue and no
> new sessions as of 0800 or will all connections functioning at 0759 be
> dropped (tcp session timeout) at 0800? On a router I think it's the latter,
> on an ASA I think it's the latter but I'm a little confused on this and
> can't test it anywhere. Anyone?
>
> Charles
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Fri Jul 24 2009 - 08:57:38 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART