Cisco Support Community
Community Member

Blocking port 25 on Cisco ASA 5505

I have a Cisco ASA 5505 in place at a client, and I've got a PC on the network infected with a spambot sending spam. I need to block port 25 to all PCs on the network EXCEPT for the Exchange server. I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL. This is not working, as all systems are still able to use port 25 regardless of the order the rules are listed. Am I missing something? Please help.

3 REPLIES
Hall of Fame Super Blue

Re: Blocking port 25 on Cisco ASA 5505

Kevin

Could you clarify what it is you are trying to do, i.e.

"need to block port 25 to all PC's on the network EXCEPT for the Exchange server."

This suggests you want to block any outside device connecting to your internal PCs on port 25.

"I created an outbound ACL rule on the outside interface to first permit SMTP traffic for my Exchange server and then created a rule to deny SMTP traffic from source ALL."

This suggests you want to stop all your internal PCs connecting to outside devices on port 25.

Which one are you trying to do?

Jon

Community Member

Re: Blocking port 25 on Cisco ASA 5505

I am trying to stop all internal PCs from connecting to outside devices on port 25, except for the Exchange server. There is a bot on one of the PCs on the network, and I don't know which one. I want to deny access to the port outbound for the desktops, and leave it open for the Exchange server only.

Community Member

Re: Blocking port 25 on Cisco ASA 5505

This is an example of what you will have to do. I am using this for one of my customers when I ran into the same problem.

access-list 101 extended permit tcp host 192.168.240.10 any eq smtp

access-list 101 extended deny tcp 192.168.240.0 255.255.255.0 any eq smtp

access-list 101 extended permit ip any any

access-group 101 in interface inside
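
Once an ACL like the one in the last reply is applied on the inside interface, the denied SMTP attempts can be used to find the infected PC. The following is an added example, not part of the original thread: it tallies denied port 25 connections per internal source, assuming the ASA logs ACL denies as syslog message 106023 and that the ACL is named 101 as above; the log lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from a real device).
SAMPLE_LOG = """\
Mar 03 10:15:01 asa %ASA-4-106023: Deny tcp src inside:192.168.240.57/49213 dst outside:203.0.113.25/25 by access-group "101" [0x0, 0x0]
Mar 03 10:15:01 asa %ASA-4-106023: Deny tcp src inside:192.168.240.57/49214 dst outside:198.51.100.9/25 by access-group "101" [0x0, 0x0]
Mar 03 10:15:02 asa %ASA-6-302013: Built outbound TCP connection 4512 for outside:198.51.100.7/25 (198.51.100.7/25) to inside:192.168.240.10/51022 (203.0.113.2/51022)
Mar 03 10:15:02 asa %ASA-4-106023: Deny tcp src inside:192.168.240.57/49215 dst outside:203.0.113.80/25 by access-group "101" [0x0, 0x0]
Mar 03 10:15:03 asa %ASA-4-106023: Deny tcp src inside:192.168.240.23/50110 dst outside:198.51.100.44/25 by access-group "101" [0x0, 0x0]
Mar 03 10:15:03 asa %ASA-4-106023: Deny tcp src inside:192.168.240.57/49216 dst outside:203.0.113.81/25 by access-group "101" [0x0, 0x0]
Mar 03 10:15:04 asa %ASA-4-106023: Deny tcp src inside:192.168.240.57/49217 dst outside:203.0.113.90/80 by access-group "101" [0x0, 0x0]
"""

# Matches the "denied by access-group" message and captures both endpoints.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny tcp src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/\d+ '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def smtp_deny_sources(log_text, acl="101", port=25):
    """Return [(source_ip, deny_count, distinct_destinations)], busiest first.

    A host with many denies spread over many destinations is the likely
    spambot; a single destination is more often a misconfigured mail client.
    """
    hits = Counter()
    targets = {}
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        # Skip other message IDs, other ACLs, and non-SMTP denies.
        if not m or m["acl"] != acl or int(m["dport"]) != port:
            continue
        hits[m["src"]] += 1
        targets.setdefault(m["src"], set()).add(m["dst"])
    return [(src, n, len(targets[src])) for src, n in hits.most_common()]

if __name__ == "__main__":
    for src, count, dests in smtp_deny_sources(SAMPLE_LOG):
        print(f"{src}: {count} denied SMTP attempts to {dests} destinations")
```
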
