I'm using one of my PCs as a mail server and for security I was wondering if there's a way to configure the Cisco firewall to only allow incoming requests from IP addresses I specify. The IPs in question will be out there on the internet, not on my LAN. All other IP addresses would be blocked.
If the adventerprise IOS I have loaded will not do this I also have the c2600-advsecurityk9-mz.124-9.T1.bin IOS.
Some outside IPs will need inward access through my router to the mail server machine on my LAN. I would like (if possible) to only allow IPs I've specified to have access in through the router. The purpose of this would be as a barrier to spammers trying to hijack my mail server.
1) The NATing I'm aware of is from Dialer0 to F0/0 and F0/1.
2) Ports 25, 110 and 80 are all forwarded from Dialer0 to the LAN IP of the mail server machine on F0/1. Ports 25 and 110 are for mail, and 80 is for web hosting.
Attached is my running config if it explains more. I have two LANs coming from the Cisco router. My working LAN is on F0/0 on 172.16.1.xx and the mail server machine is the only machine on port F0/1 on 192.168.1.xx. I did this to provide separation of my LAN from the mail server.
But if you add the ACL entries like this to ACL 105, it won't work, because they will be added to the end of the ACL and you will have deny statements before this allow, so the traffic will be blocked. Make a new ACL, yours is not big, like ACL 106; start with permit, then deny.
And keep in mind, if you make an ACL with lines permitting things, everything not permitted by the ACL will be blocked, because in each ACL there is an implicit deny statement at the end.
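The ordering behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation with the implicit deny at the end. The rule lists and addresses are constructed (documentation ranges); they are assumptions, not the poster's actual ACL 105 or a proposed ACL 106.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation addresses, not real hosts.
TRUSTED = "203.0.113.10"

def rule(action, src, port=None):
    """One ACL entry: action, source network, optional destination TCP port."""
    return (action, ipaddress.ip_network(src), port)

def evaluate(acl, src_ip, dst_port):
    """Return (action, matching line number) using first-match semantics."""
    src = ipaddress.ip_address(src_ip)
    for lineno, (action, net, port) in enumerate(acl, start=1):
        if src in net and (port is None or port == dst_port):
            return action, lineno
    return "deny", None  # implicit deny at the end of every ACL

def shadowed(acl):
    """Line numbers of entries made unreachable by an earlier, broader entry."""
    hits = []
    for i, (_, net, port) in enumerate(acl):
        for _, prev_net, prev_port in acl[:i]:
            if net.subnet_of(prev_net) and prev_port in (None, port):
                hits.append(i + 1)
                break
    return hits

# Hypothetical existing ACL that already ends in a deny; the new permit for
# the trusted sender is appended after it and is never evaluated.
appended = [
    rule("permit", "0.0.0.0/0", 80),
    rule("deny", "0.0.0.0/0"),
    rule("permit", TRUSTED + "/32", 25),
]

# Hypothetical new ACL: specific permits first, then the deny.
reordered = [
    rule("permit", TRUSTED + "/32", 25),
    rule("permit", TRUSTED + "/32", 110),
    rule("permit", "0.0.0.0/0", 80),
    rule("deny", "0.0.0.0/0"),
]

if __name__ == "__main__":
    print("appended :", evaluate(appended, TRUSTED, 25), shadowed(appended))
    print("reordered:", evaluate(reordered, TRUSTED, 25), shadowed(reordered))
```

Running `shadowed()` over a planned rule list before applying it is a quick way to catch a permit that sits behind an earlier deny.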