Blocking port 25 on Cisco ASA 5505

westernmotor (Level 1)

I have a Cisco ASA 5505 in place at a client, and I've got a PC on the network infected with a spambot sending spam. I need to block port 25 to all PCs on the network EXCEPT for the Exchange server. I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL. This is not working, as all systems are still able to use port 25 regardless of the order the rules are listed in. Am I missing something? Please help.

3 Replies

Jon Marshall (Hall of Fame)

Kevin

Could you clarify what it is you are trying to do, i.e.

"need to block port 25 to all PC's on the network EXCEPT for the Exchange server."

This suggests you want to block any outside device connecting to your internal PCs on port 25.

"I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL."

This suggests you want to stop all your internal PCs connecting to outside devices on port 25.

Which one are you trying to do?

Jon

I am trying to stop all internal PCs from connecting to outside devices on port 25, except for the Exchange server. There is a bot on one of the PCs on the network, and I don't know which one. I want to deny access to the port outbound for the desktops, and leave it open for the Exchange server only.

lreger (Level 1)

This is an example of what you will have to do. I used this for one of my customers when I ran into the same problem:

! Permit the Exchange server (192.168.240.10 in this example) to reach any SMTP server
access-list 101 extended permit tcp host 192.168.240.10 any eq smtp
! Then deny SMTP from every other host on the 192.168.240.0/24 LAN (order matters: first match wins)
access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp
! Allow everything else; without this line the ACL's implicit deny would block all other inside traffic
access-list 101 extended permit ip any any
! Apply the ACL to traffic entering the inside interface, where the real internal source addresses are seen
access-group 101 in interface inside
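The ACL above blocks the spam, but the original poster also wants to know which desktop carries the bot. An added example, not part of this thread or of Cisco's documentation: the script below assumes the deny ACE has been given the `log` keyword (`access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp log`) and that the ASA's syslog is collected to a file, so that every blocked attempt produces a message 106023 ("Deny tcp src inside:... dst outside:.../25 by access-group ..."). It parses those lines and ranks internal hosts by how many distinct outside mail servers they tried to reach, which is the fan-out pattern a spambot shows and a single misconfigured mail client does not. The sample log lines, hostnames, addresses and the 302013 line used as a non-matching decoy are all constructed for the example, and the exact 106023 field layout is assumed from the published message format rather than taken from this page.

```python
"""Rank internal hosts by denied outbound SMTP attempts in Cisco ASA syslog.

Added example for the thread above: with the deny ACE logging (message
106023), counting denies per source address points at the spambot without
inspecting every desktop.  Hosts, addresses and log lines are constructed.
"""
import re
from collections import defaultdict

# Constructed sample syslog export.  The 106023 layout is an assumption based
# on the documented message format; the 302013 line is a decoy that must be ignored.
SAMPLE_SYSLOG = """\
<164>May 14 2013 10:02:11 asa5505 %ASA-4-106023: Deny tcp src inside:192.168.240.55/49201 dst outside:203.0.113.25/25 by access-group "101" [0x0, 0x0]
<164>May 14 2013 10:02:11 asa5505 %ASA-4-106023: Deny tcp src inside:192.168.240.55/49202 dst outside:198.51.100.9/25 by access-group "101" [0x0, 0x0]
<164>May 14 2013 10:02:12 asa5505 %ASA-4-106023: Deny tcp src inside:192.168.240.55/49203 dst outside:203.0.113.77/25 by access-group "101" [0x0, 0x0]
<164>May 14 2013 10:02:13 asa5505 %ASA-4-106023: Deny tcp src inside:192.168.240.20/51000 dst outside:203.0.113.25/25 by access-group "101" [0x0, 0x0]
<164>May 14 2013 10:02:14 asa5505 %ASA-4-106023: Deny tcp src inside:192.168.240.55/49204 dst outside:192.0.2.33/25 by access-group "101" [0x0, 0x0]
<166>May 14 2013 10:02:15 asa5505 %ASA-6-302013: Built outbound TCP connection 4711 for outside:203.0.113.25/25 (203.0.113.25/25) to inside:192.168.240.10/53000 (198.51.100.2/53000)
"""

# Matches only access-group denies (message ID 106023); other IDs fall through.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[^:]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_denies(syslog_text):
    """Return one dict per 106023 line in the text; other message IDs are ignored."""
    events = []
    for line in syslog_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["sport"] = int(ev["sport"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def smtp_deny_summary(syslog_text, port=25, proto="tcp"):
    """Map source IP -> {"hits": n, "destinations": {dst IPs}} for denies to `port`."""
    summary = defaultdict(lambda: {"hits": 0, "destinations": set()})
    for ev in parse_denies(syslog_text):
        if ev["proto"] == proto and ev["dport"] == port:
            entry = summary[ev["src"]]
            entry["hits"] += 1
            entry["destinations"].add(ev["dst"])
    return dict(summary)


def rank_sources(syslog_text, port=25):
    """Return (src, distinct_destinations, hits) tuples, most suspicious first.

    A spambot fans out to many different mail servers; a misconfigured mail
    client usually retries the same one, so distinct destinations is the
    primary key and raw hit count the tie-breaker.
    """
    summary = smtp_deny_summary(syslog_text, port)
    rows = ((src, len(v["destinations"]), v["hits"]) for src, v in summary.items())
    return sorted(rows, key=lambda t: (t[1], t[2]), reverse=True)


if __name__ == "__main__":
    for src, n_dst, hits in rank_sources(SAMPLE_SYSLOG):
        print(f"{src:16} distinct MTAs={n_dst:3} denied SMTP attempts={hits}")
```

Run it against a real export (for example `python3 rank_smtp_denies.py < asa.log` after swapping `SAMPLE_SYSLOG` for `sys.stdin.read()`) and the top entry is the machine to pull off the network. The Exchange server never appears because its permit ACE matches before the logging deny, which is also a quick sanity check that the ACL order is right.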
