07-10-2007 10:32 AM - edited 03-11-2019 03:42 AM
I am subscribing to a spam filter service that requires inbound access through my PIX. I need to allow 5 different IP addresses for smtp traffic. Will this configuration work?
access-list outside_access_in permit tcp 12.158.34.0 255.255.255.0 host 64.240.166.178 eq smtp
access-list outside_access_in permit tcp 12.158.35.0 255.255.255.0 host 64.240.166.178 eq smtp
access-list outside_access_in permit tcp 63.240.161.0 255.255.255.0 host 64.240.166.178 eq smtp
access-list outside_access_in permit tcp 63.240.165.0 255.255.255.0 host 64.240.166.178 eq smtp
access-list outside_access_in permit tcp 12.158.36.0 255.255.255.0 host 64.240.166.178 eq smtp
07-10-2007 10:36 AM
Hi
Are you wanting to allow 5 individual networks or five network ranges. Your above access-list is allowing whole Class C subnets to talk smtp to your mail server.
The access-list will work it might just be more access than you need.
Is this what you want.
Jon
07-10-2007 10:42 AM
Actually a better example of the ip addresses that I need to give access to are the following:
129.41.169.51
129.41.169.52
129.41.169.53
129.41.169.54
129.41.169.55
Will this work?
07-10-2007 10:58 AM
Yes it will be fine. For neatness and ease of future editing i would do
object-group network external_mail_servers
network-object host 129.41.169.51
network-object host 129.41.169.52
network-object host 129.41.169.53
network-object host 129.41.169.54
network-object host 129.41.169.55
access-list outside_access_in permit tcp object-group external_mail_servers host 64.240.166.178 eq smtp
If you need to add another mail server at a later date or remove one you just need to edit the object group.
HTH
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide