How do I allow multiple inbound smtp ip addresses?

fullerthaler · ‎07-10-2007

I am subscribing to a spam filter service that requires inbound access through my PIX. I need to allow 5 different IP addresses for smtp traffic. Will this configuration work?

access-list outside_access_in permit tcp 12.158.34.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 12.158.35.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 63.240.161.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 63.240.165.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 12.158.36.0 255.255.255.0 host 64.240.166.178 eq smtp

Jon Marshall · ‎07-10-2007

Hi

Are you wanting to allow 5 individual networks or five network ranges. Your above access-list is allowing whole Class C subnets to talk smtp to your mail server.

The access-list will work it might just be more access than you need.

Is this what you want.

Jon

fullerthaler · ‎07-10-2007

Actually a better example of the ip addresses that I need to give access to are the following:

129.41.169.51

129.41.169.52

129.41.169.53

129.41.169.54

129.41.169.55

Will this work?

Jon Marshall · ‎07-10-2007

Yes it will be fine. For neatness and ease of future editing i would do

object-group network external_mail_servers

network-object host 129.41.169.51

network-object host 129.41.169.52

network-object host 129.41.169.53

network-object host 129.41.169.54

network-object host 129.41.169.55

access-list outside_access_in permit tcp object-group external_mail_servers host 64.240.166.178 eq smtp

If you need to add another mail server at a later date or remove one you just need to edit the object group.

HTH

Jon