I'm trying to figure out how to block outbound SMTP access except from my Exchange server. Here is the ACL I developed.
ip access-list extended SMTP
 permit tcp 10.10.152.200 0.0.0.255 any eq smtp
 deny tcp any any eq smtp
 permit ip any any
I thought I would apply it outbound (ip access-group SMTP out) on my inside interface, but when I do that I can no longer accept connections inbound to the server. Where should I have this? Is something wrong with the ACL itself?
Try applying it to your inside interface, incoming (ip access-group SMTP in). It will look at traffic coming INTO the interface on the router and determine what to do with it. Remember, access-lists should usually be applied closest to source.
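The first-match evaluation behind the question and the reply, modeled in Python as an added example (not code from either post). The packet addresses 203.0.113.5, 10.10.152.37 and 10.10.153.37 are constructed, the model checks only source address and destination port, and ACL_HOST is an assumed variant that narrows the first entry to the single server with wildcard 0.0.0.0.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# Entries as (action, protocol, (source, wildcard), destination port).
# The destination is "any" in every entry of the posted ACL, so it is omitted.
ACL_POSTED = [
    ("permit", "tcp", ("10.10.152.200", "0.0.0.255"), 25),
    ("deny", "tcp", ANY, 25),
    ("permit", "ip", ANY, None),
]
# Assumed variant: same list, first entry narrowed to the single host.
ACL_HOST = [("permit", "tcp", ("10.10.152.200", "0.0.0.0"), 25)] + ACL_POSTED[1:]

def evaluate(acl, src, dport, proto="tcp"):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, acl_proto, (base, wildcard), port in acl:
        if acl_proto not in ("ip", proto):
            continue
        if wild_match(src, base, wildcard) and port in (None, dport):
            return action
    return "deny"

def walk(acl):
    """Evaluate constructed packets as each direction of the inside interface sees them."""
    return {
        # 'out' on the inside interface filters traffic headed to the LAN
        "out: 203.0.113.5 -> Exchange:25": evaluate(acl, "203.0.113.5", 25),
        # 'in' on the inside interface filters traffic arriving from the LAN
        "in: Exchange -> remote:25": evaluate(acl, "10.10.152.200", 25),
        "in: Exchange reply -> remote:40000": evaluate(acl, "10.10.152.200", 40000),
        "in: 10.10.152.37 -> remote:25": evaluate(acl, "10.10.152.37", 25),
        "in: 10.10.153.37 -> remote:25": evaluate(acl, "10.10.153.37", 25),
    }

if __name__ == "__main__":
    for name, acl in (("posted", ACL_POSTED), ("host", ACL_HOST)):
        for packet, action in walk(acl).items():
            print(f"{name:6} {packet:36} {action}")
```

Applied outbound, the list drops SMTP connections arriving for the server because their source is not in 10.10.152.x; applied inbound, the 0.0.0.255 wildcard still lets any host in 10.10.152.0/24 send to port 25, which the host-only entry stops.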