
Access-list

Answered Question
Nov 14th, 2006

Hi,

OK, like this: I want to deny network 192.168.1.0/24 from sending email using port 25 (SMTP) and want to allow only 192.168.1.2 to send email. The config below is not working; it denies all TCP 25:


access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside


Any idea what's wrong with my config?


Thanks

Correct Answer
Fernando_Meza Tue, 11/14/2006 - 19:40

Hi, try this:


access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit ip any any


access-group outbound in interface inside


I hope it helps. Please rate it if it does!

tonny_ecmyy Tue, 11/14/2006 - 20:34

Oops, my access-list is upside down? If I want to allow another host, 192.168.1.3, should I repeat the same procedure, starting from permit tcp 192.168.1.3 and then deny other tcp 25?

c.spescha Wed, 11/15/2006 - 01:19

Hi Tonny,


Change the sequence like that.

Keep in mind that once you have a "deny match", no further ACL statements will be checked.


access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside


cheers

Claudio
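
As an added illustration (not code from any poster in this thread), this Python sketch models first-match ACL evaluation over the lines posted above, showing why the original order denies 192.168.1.2 and where a second host's permit has to sit. The destination 203.0.113.25 and all function and variable names are constructed for the example; the parser handles only the line shapes that appear in this thread.

```python
import ipaddress

def parse_rule(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (PIX style)."""
    action, proto, *rest = line.split()[2:]      # drop "access-list <name>"

    def take_addr(tok):
        # "any" | "host A.B.C.D" | "NETWORK SUBNET-MASK"
        if tok[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
        if tok[0] == "host":
            return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
        return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """Return (action, 1-based line number) of the first match; implicit deny if none."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl, 1):
        action, r_proto, r_src, r_dst, r_port = parse_rule(line)
        if (r_proto in ("ip", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action, n          # first match wins; later lines are never checked
    return "deny", None

# ACL lines as posted in the question (order that denied all TCP/25).
ORIGINAL = [
    "access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25",
    "access-list outbound permit tcp host 192.168.1.2 any eq 25",
    "access-list outbound permit ip any any",
]
# Order given in the answers: specific permit first, then the subnet deny.
REORDERED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]
# Follow-up case: a second allowed host also needs its permit above the deny.
TWO_HOSTS = ["access-list outbound permit tcp host 192.168.1.3 any eq 25"] + REORDERED

MAIL_SERVER = "203.0.113.25"   # constructed destination (documentation range)

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("reordered", REORDERED), ("two hosts", TWO_HOSTS)]:
        for host in ("192.168.1.2", "192.168.1.3", "192.168.1.50"):
            print(name, host, "tcp/25 ->", evaluate(acl, "tcp", host, MAIL_SERVER, 25))
```

The returned line number identifies which entry decided the packet, which makes a shadowed permit (one that sits below a broader deny) easy to spot before the ACL is applied to an interface.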
