We have a possible virus on the network sending out traffic via port 25. I put the below access-list on ther router only allow traffic from the exchange server to send out traffic via port 25.
access-list 150 permit tcp host 192.168.0.2 any eq smtp
access-list 150 deny tcp any any eq smtp
access-list 150 permit ip any any
sh ip access-lists 150
Extended IP access list 150
10 permit tcp host 192.168.0.2 any eq smtp (1010 matches)
20 deny tcp any any eq smtp (1225 matches)
30 permit ip any any (1523 matches)
As soon as I view the access list I can see the this working. I would like to do is run a debug comand to find out what source IP address is being blocked by the rouuter. CAn anyone advise the best debug command I should use. we have Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T4.
Thanks in advance?