11-14-2006 07:03 PM - edited 02-20-2020 09:38 PM
Hi,
OK, like this: I want to deny network 192.168.1.0/24 from sending email using port 25 (SMTP) and want to allow only 192.168.1.2 to send email. The config below is not working; it denies all TCP 25:
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound permit ip any any
access-group outbound in interface inside
Any idea what's wrong with my config?
Thanks
11-14-2006 07:40 PM
Hi, try this:
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit ip any any
access-group outbound in interface inside
I hope it helps. Please rate it if it does!
11-14-2006 08:34 PM
Oops, my access-list is upside down? If I want to allow another host, 192.168.1.3, should I repeat the same procedure, starting from permit tcp 192.168.1.3 and then deny other tcp 25?
11-14-2006 08:43 PM
yes
11-14-2006 09:42 PM
Alright dude, it works, thanks.
11-15-2006 01:19 AM
Hi Tonny,
Change the sequence like that.
Keep in mind that once you have a "deny match", no further ACL statements will be checked.
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit ip any any
access-group outbound in interface inside
cheers
Claudio
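The ordering behaviour discussed in this thread, as an added example that is not part of any poster's reply and is not Cisco code: a small first-match evaluator over the thread's own access-list lines, plus a check that flags entries an earlier line with the opposite action already covers. It assumes only the syntax subset used above (any, host, address plus netmask, numeric eq ports); the destination address MAIL is constructed.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (thread's subset)."""
    tok = line.split()[2:]  # drop 'access-list' and the ACL name
    def take(t):
        if t[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), t[1:]
        if t[0] == "host":
            return ipaddress.ip_network(t[1] + "/32"), t[2:]
        return ipaddress.ip_network(t[0] + "/" + t[1]), t[2:]  # address + netmask
    src, rest = take(tok[2:])
    dst, rest = take(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None  # numeric ports only
    return tok[0], tok[1], src, dst, port

def evaluate(acl, proto, src, dst, port):
    """First matching ACE wins; nothing after it is consulted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto in ("ip", proto) and s in a_src and d in a_dst and a_port in (None, port):
            return action, line
    return "deny", "implicit deny"  # applies at the end of every ACL

def shadowed(acl):
    """ACEs that never take effect: an earlier ACE with the opposite action covers them."""
    aces = [parse_ace(l) for l in acl]
    hits = []
    for i, (act, proto, src, dst, port) in enumerate(aces):
        for e_act, e_proto, e_src, e_dst, e_port in aces[:i]:
            if (e_proto in ("ip", proto) and src.subnet_of(e_src)
                    and dst.subnet_of(e_dst) and e_port in (None, port)):
                if e_act != act:
                    hits.append(acl[i])
                break
    return hits

# ACL lines exactly as posted in the thread
ORIGINAL = [
    "access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25",
    "access-list outbound permit tcp host 192.168.1.2 any eq 25",
    "access-list outbound permit ip any any",
]
FIXED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]  # order given in the replies
MAIL = "203.0.113.10"  # constructed destination (documentation range)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, evaluate(acl, "tcp", "192.168.1.2", MAIL, 25)[0], shadowed(acl))
```

Running the shadow check before applying a reordered ACL catches the original mistake without sending any test traffic.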