Cisco Support Community
Community Member

LAN Question

Is it possible to close all of the TCP ports except TCP port 25 (SMTP)? We don't want any traffic coming in or out except for outgoing mail. Please let me know how to configure this...

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: LAN Question

Kyle

Assuming your mail server is 192.168.5.1

access-list 101 permit tcp host 192.168.5.1 any eq 25

access-list 101 deny ip any any

access-list 102 permit tcp any host 192.168.5.1 established

access-list 102 deny ip any any

int fa0/1

ip access-group 101 out

ip access-group 102 in

The above will only allow the mail server 192.168.5.1 to initiate connections to other mail servers on port 25 and for the return traffic to be allowed back in. That's it.

Jon
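
Added example (not part of Jon's post and not Cisco code): a small Python model of how IOS evaluates access-lists 101 and 102 above, top-down with the first match winning, run against constructed packets. The remote address 203.0.113.10, the workstation 192.168.5.20 and the packet dictionaries are assumptions for illustration; interface direction is not modelled.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
MAIL = ip_network("192.168.5.1/32")  # "host 192.168.5.1" from the post

# Entries in posted order:
# (action, protocol, source, destination, destination port, established)
ACL_101 = [("permit", "tcp", MAIL, ANY, 25, False),
           ("deny", "ip", ANY, ANY, None, False)]
ACL_102 = [("permit", "tcp", ANY, MAIL, None, True),
           ("deny", "ip", ANY, ANY, None, False)]

def evaluate(acl, pkt):
    """Return the action of the first entry that matches pkt."""
    for action, proto, src, dst, dport, established in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if ip_address(pkt["src"]) not in src or ip_address(pkt["dst"]) not in dst:
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        # "established" keeps no connection state: it matches any TCP
        # segment that has the ACK or RST flag set.
        if established and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        return action
    return "deny"  # implicit deny that ends every IOS access list

# Constructed packets; REMOTE and PC are assumed addresses.
REMOTE, PC, SRV = "203.0.113.10", "192.168.5.20", "192.168.5.1"
SAMPLES = {
    "server SYN to remote:25": (ACL_101, dict(proto="tcp", src=SRV, dst=REMOTE, dport=25, flags=["SYN"])),
    "server SYN to remote:80": (ACL_101, dict(proto="tcp", src=SRV, dst=REMOTE, dport=80, flags=["SYN"])),
    "workstation SYN to remote:25": (ACL_101, dict(proto="tcp", src=PC, dst=REMOTE, dport=25, flags=["SYN"])),
    "server DNS query (udp/53)": (ACL_101, dict(proto="udp", src=SRV, dst=REMOTE, dport=53)),
    "remote SYN-ACK back to server": (ACL_102, dict(proto="tcp", src=REMOTE, dst=SRV, dport=40000, flags=["SYN", "ACK"])),
    "remote bare SYN to server:25": (ACL_102, dict(proto="tcp", src=REMOTE, dst=SRV, dport=25, flags=["SYN"])),
}

def results():
    """Evaluate every sample packet against its access list."""
    return {name: evaluate(acl, pkt) for name, (acl, pkt) in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in results().items():
        print(f"{action:6} {name}")
```

The udp/53 row shows that the final deny in list 101 also drops the mail server's own DNS lookups, so name resolution has to be permitted separately if the server resolves MX records through this router.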

3 REPLIES
Hall of Fame Super Blue

Re: LAN Question

Kyle

What device are you referring to? You can use access-lists to block or allow traffic to a vlan/subnet but your question doesn't give enough details.

Jon

Community Member

Re: LAN Question

The device I'm referring to is a Cisco 2811

fa 0/0

fa 0/1 <--Allow only outgoing email

Serial 0/0/0 <--to WAN

Did this help?
