Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disable esmtp Inspection for Specific Host

Hello.  Is it possible to disable esmtp inspection for a specific INSIDE host with use of a policy-map?  If so, could you provide an example configuration.
 

3 REPLIES
VIP Green

Yes it is possible.  You

Yes it is possible.  You could do something like the following:

access-list ESMTP deny ip host 1.1.1.10 any
access-list ESMTP permit ip 1.1.1.0 255.255.255.0 any

class-map CMAP
match access-list ESMTP

policy-map PMAP
class CMAP
inspect esmtp

service-policy PMAP interface inside

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

Hi! In this case, besides

Hi! 

In this case, besides those commands wouldn´t be necessary to disable default esmtp inspection from the by-default global-policy as well?? Like this:

policy-map global_policy
class inspection_default
no inspect esmtp

 

thanks in advance

VIP Green

You can disable default esmtp

You can disable default esmtp inspection like that, but cer43tcent wants to disable it for a single or specific internal addresses.  So for that you would need to define the addresses to be excluded and then define all the other addresses that are to be inspected.

--

Please remember to rate and select a correct answer
469
Views
0
Helpful
3
Replies
CreatePlease to create content