Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How do I allow multiple inbound smtp ip addresses?

I am subscribing to a spam filter service that requires inbound access through my PIX. I need to allow 5 different IP addresses for smtp traffic. Will this configuration work?

access-list outside_access_in permit tcp 12.158.34.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 12.158.35.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 63.240.161.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 63.240.165.0 255.255.255.0 host 64.240.166.178 eq smtp

access-list outside_access_in permit tcp 12.158.36.0 255.255.255.0 host 64.240.166.178 eq smtp

3 REPLIES
Hall of Fame Super Blue

Re: How do I allow multiple inbound smtp ip addresses?

Hi

Are you wanting to allow 5 individual networks or five network ranges. Your above access-list is allowing whole Class C subnets to talk smtp to your mail server.

The access-list will work it might just be more access than you need.

Is this what you want.

Jon

New Member

Re: How do I allow multiple inbound smtp ip addresses?

Actually a better example of the ip addresses that I need to give access to are the following:

129.41.169.51

129.41.169.52

129.41.169.53

129.41.169.54

129.41.169.55

Will this work?

Hall of Fame Super Blue

Re: How do I allow multiple inbound smtp ip addresses?

Yes it will be fine. For neatness and ease of future editing i would do

object-group network external_mail_servers

network-object host 129.41.169.51

network-object host 129.41.169.52

network-object host 129.41.169.53

network-object host 129.41.169.54

network-object host 129.41.169.55

access-list outside_access_in permit tcp object-group external_mail_servers host 64.240.166.178 eq smtp

If you need to add another mail server at a later date or remove one you just need to edit the object group.

HTH

Jon

163
Views
0
Helpful
3
Replies
CreatePlease to create content