Your config needs some slight modifications. I assume you want to create a reflexive access list to track all TCP traffic, not just SMTP, originated from the inside (trusted) network. The following config would cause the router to create a temporary access list entry for all TCP traffic originated from the inside network. The config that you have in there now would only create a temporary ACE for the SMTP traffic defined in the first statement of your ACL named smtp-racl, and all other traffic would be dropped on its way back.
If you have a different requirement, please clarify that.
Your assumption is correct. However, I am not certain how FTP traffic, both inbound and outbound, would be affected by your configuration. Please advise whether FTP would or would not be affected. Thanks.
Your outbound, from inside to outside, FTP traffic would work fine, as the reflexive access list will create a temporary access list entry when the first FTP packets in the session leave the router, and the return traffic will be allowed back in.
However, for traffic originated from outside to inside you need to explicitly allow the traffic on your inbound ACL and outbound ACL. Adding an entry each to the ACL(s) should address your concern.
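The behaviour discussed in this thread, as an added example that is not part of any poster's reply and not router code: a simplified Python model of how a reflect statement creates mirrored temporary entries, comparing an SMTP-only reflect with an all-TCP reflect and an explicit inbound permit. The class name, addresses and ports are constructed for illustration; idle timeouts and the outbound ACL's own permit/deny filtering are not modelled, and FTP here means the control connection to port 21 only.

```python
# Simplified model of a reflexive ACL (added example, not IOS code).
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

class ReflexiveFilter:
    def __init__(self, reflect_dports=None, inbound_permits=()):
        # reflect_dports: None = reflect all TCP; a set = reflect only those
        # destination ports (e.g. {25} for an SMTP-only reflect statement).
        self.reflect_dports = reflect_dports
        # Static (proto, dst, dport) permits for sessions opened from outside.
        self.inbound_permits = set(inbound_permits)
        self.temp_entries = set()  # temporary ACEs created by "reflect"

    def outbound(self, pkt):
        """Inside -> outside: forwarded; may create a mirrored temporary entry."""
        if pkt.proto == "tcp" and (self.reflect_dports is None
                                   or pkt.dport in self.reflect_dports):
            self.temp_entries.add(reply_to(pkt))
        return True  # assumption: outbound traffic itself is permitted

    def inbound(self, pkt):
        """Outside -> inside: temporary entries first, then static permits."""
        if pkt in self.temp_entries:
            return True
        return (pkt.proto, pkt.dst, pkt.dport) in self.inbound_permits

def reply_to(pkt):
    # Mirror of a packet: source and destination address/port swapped.
    return Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

def demo():
    # Constructed sample traffic using documentation address ranges.
    smtp = Packet("tcp", "192.0.2.10", 40001, "198.51.100.5", 25)
    ftp = Packet("tcp", "192.0.2.10", 40002, "198.51.100.7", 21)
    unsolicited = Packet("tcp", "198.51.100.9", 50000, "192.0.2.20", 21)
    results = {}
    for name, fw in (("smtp_only", ReflexiveFilter(reflect_dports={25})),
                     ("all_tcp", ReflexiveFilter())):
        fw.outbound(smtp)
        fw.outbound(ftp)
        # (SMTP reply allowed?, FTP reply allowed?, outside-initiated allowed?)
        results[name] = (fw.inbound(reply_to(smtp)),
                         fw.inbound(reply_to(ftp)),
                         fw.inbound(unsolicited))
    explicit = ReflexiveFilter(inbound_permits={("tcp", "192.0.2.20", 21)})
    results["explicit_permit"] = explicit.inbound(unsolicited)
    return results

if __name__ == "__main__":
    print(demo())
```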
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: