Apply Configuration Changes To Connections; Reload The Asa - Cisco ASA Series Getting Started


Apply Configuration Changes to Connections

In most cases, commands described in this guide are preceded by a CLI prompt. The prompt in the following
example is "ciscoasa(config)#":
ciscoasa(config)# context a
In the text configuration file you are not prompted to enter commands, so the prompt is omitted as follows:
context a
For additional information about formatting the file, see Using the Command-Line Interface.
Apply Configuration Changes to Connections
When you make security policy changes to the configuration, all new connections use the new security policy.
Existing connections continue to use the policy that was configured at the time of the connection establishment.
The show command output for old connections reflects the old configuration, and in some cases will not
include data about the old connections.
For example, if you remove a QoS service-policy from an interface, then re-add a modified version, then the
show service-policy command only displays QoS counters associated with new connections that match the
new service policy; existing connections on the old policy no longer show in the command output.
To ensure that all connections use the new policy, you need to disconnect the current connections so that they
can reconnect using the new policy.
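To limit the disruption to the hosts a policy change actually affects, those hosts can be worked out from show conn output and cleared one at a time with the clear local-host ip_address form listed below. The Python below is an added example, not part of the Cisco guide; the show conn sample is constructed, and the function names and the 10.1.1.0/24 scope are assumptions.

```python
# Added example: function names and the sample policy scope are hypothetical.
import ipaddress
import re

# Constructed sample in the usual "show conn" layout (not captured from a real device).
SHOW_CONN = """\
4 in use, 19 most used
TCP outside 198.51.100.10:443 inside 10.1.1.5:51234, idle 0:00:05, bytes 18204, flags UIO
TCP outside 198.51.100.10:443 inside 10.1.1.5:51240, idle 0:00:09, bytes 911, flags UIO
UDP outside 203.0.113.53:53 inside 10.1.2.9:40112, idle 0:00:01, bytes 120, flags -
TCP outside 192.0.2.80:80 inside 10.1.1.77:49822, idle 0:01:12, bytes 5530, flags UIO
"""

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<if1>\S+)\s+(?P<ip1>[\d.]+):(?P<port1>\d+)\s+"
    r"(?P<if2>\S+)\s+(?P<ip2>[\d.]+):(?P<port2>\d+),")

def parse_show_conn(text):
    """Return one dict per connection line; summary and unparsed lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            conns.append({
                "proto": m["proto"].lower(),
                "ends": [(m["if1"], ipaddress.ip_address(m["ip1"]), int(m["port1"])),
                         (m["if2"], ipaddress.ip_address(m["ip2"]), int(m["port2"]))],
            })
    return conns

def stale_hosts(conns, network, proto=None, port=None):
    """Hosts in `network` that hold established connections in the changed policy's scope."""
    net = ipaddress.ip_network(network)
    hosts = set()
    for c in conns:
        if proto and c["proto"] != proto:
            continue
        if port is not None and all(p != port for _, _, p in c["ends"]):
            continue
        hosts.update(ip for _, ip, _ in c["ends"] if ip in net)
    return sorted(hosts)

def clear_commands(hosts):
    """Per-host form from the guide; the "all" keyword is deliberately not emitted."""
    return [f"clear local-host {h}" for h in hosts]

if __name__ == "__main__":
    affected = stale_hosts(parse_show_conn(SHOW_CONN), "10.1.1.0/24", proto="tcp", port=443)
    print("\n".join(clear_commands(affected)))
```

Each generated command drops every through-the-box connection of that host, not only the ones that matched the filter, so review the list before pasting it into the CLI.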
To disconnect connections, enter one of the following commands:
• clear local-host [ip_address] [all]
  This command reinitializes per-client run-time states such as connection limits and embryonic limits.
  As a result, this command removes any connection that uses those limits. See the show local-host all
  command to view all current connections per host.
  With no arguments, this command clears all affected through-the-box connections. To also clear to-the-box
  connections (including your current management session), use the all keyword. To clear connections to
  and from a particular IP address, use the ip_address argument.
• clear conn [all] [protocol {tcp | udp}] [address src_ip [-src_ip] [netmask mask]] [port src_port
  [-src_port]] [address dest_ip [-dest_ip] [netmask mask]] [port dest_port [-dest_port]]
  This command terminates connections in any state. See the show conn command to view all current
  connections.
  With no arguments, this command clears all through-the-box connections. To also clear to-the-box
  connections (including your current management session), use the all keyword. To clear specific
  connections based on the source IP address, destination IP address, port, and/or protocol, you can specify
  the desired options.

Reload the ASA

To reload the ASA, complete the following procedure.

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5