Access list and NAT (Static mapping) together ?

imran
Level 1

I have 1 static NAT mapping (Exchange Server) in a network with other PCs mapped dynamically. I want to protect my Exchange Server because it is open to the Internet. I am using this:

access-list 101 deny ip host 195.229.36.85 any

access-list 101 permit udp any host 195.229.36.85 eq domain

access-list 101 permit tcp any host 195.229.36.85 eq pop3

access-list 101 permit tcp any host 195.229.36.85 eq smtp

access-list 101 permit tcp any host 195.229.36.85 eq www

After applying these commands, mail stops going out and there is no Internet browsing. Can you help me, brother?

Imran-Dubai

1 Reply

Not applicable

Some info is missing, but I guess you attached this ACL to the external interface as the incoming ACL.

I assume that you're not using CBAC, but traditional extended ACLs.

If yes,

you authorise only connections from the outside

and you do not authorise inside returning connections.

You may try something like this:

! Generated by Solsoft NP 5.0

! Copyright 1997-2002 Solsoft

! ..................................

ip access-list extended npc-interface2-in

! Incoming

! Service: ip

! Anti-spoofing rules

deny ip host 195.229.36.85 any

! Services (return): http smtp

permit tcp any eq 25 host 195.229.36.85 gt 1023 established

permit tcp any eq 80 host 195.229.36.85 gt 1023 established

! Services: dns-tcp http pop3 smtp

permit tcp any gt 1023 host 195.229.36.85 eq 25

permit tcp any gt 1023 host 195.229.36.85 eq 53

permit tcp any gt 1023 host 195.229.36.85 eq 80

permit tcp any gt 1023 host 195.229.36.85 eq 110

! Service: dns-udp

permit udp any gt 1023 host 195.229.36.85 eq 53

! Service: ip

! default policy (=deny)

deny ip any any
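An added illustration, not part of the original thread and not Cisco or Solsoft code: a small first-match evaluator for the rule subset used above, showing why the question's ACL drops the reply to an SMTP session the Exchange server opened while the suggested ACL lets it through. It assumes the ACL is applied inbound on the external interface, as the reply guesses; the peer address, port 40000 and the function names are constructed for the example.

```python
PORTS = {"domain": 53, "pop3": 110, "smtp": 25, "www": 80}  # IOS keywords used in the thread

ASKER_ACL = """
access-list 101 deny ip host 195.229.36.85 any
access-list 101 permit udp any host 195.229.36.85 eq domain
access-list 101 permit tcp any host 195.229.36.85 eq pop3
access-list 101 permit tcp any host 195.229.36.85 eq smtp
access-list 101 permit tcp any host 195.229.36.85 eq www"""
REPLY_ACL = """
deny ip host 195.229.36.85 any
permit tcp any eq 25 host 195.229.36.85 gt 1023 established
permit tcp any eq 80 host 195.229.36.85 gt 1023 established
permit tcp any gt 1023 host 195.229.36.85 eq 25
permit tcp any gt 1023 host 195.229.36.85 eq 53
permit tcp any gt 1023 host 195.229.36.85 eq 80
permit tcp any gt 1023 host 195.229.36.85 eq 110
permit udp any gt 1023 host 195.229.36.85 eq 53
deny ip any any"""

def parse(line):
    """Parse 'permit|deny proto src [eq|gt port] dst [eq|gt port] [established]'."""
    t = line.split()[2:] if line.startswith("access-list") else line.split()
    rule, i = {"action": t[0], "proto": t[1], "est": t[-1] == "established"}, 2
    for side in ("src", "dst"):
        rule[side], i = (None, i + 1) if t[i] == "any" else (t[i + 1], i + 2)
        rule[side + "_port"] = None
        if i < len(t) and t[i] in ("eq", "gt"):
            rule[side + "_port"] = (t[i], int(PORTS.get(t[i + 1], t[i + 1])))
            i += 2
    return rule

def port_ok(spec, port):
    return spec is None or (port == spec[1] if spec[0] == "eq" else port > spec[1])

def evaluate(acl, proto, src, sport, dst, dport, flags=()):
    """Return the action of the first matching rule; no match is the implicit deny."""
    for r in map(parse, acl.strip().splitlines()):
        if (r["proto"] in ("ip", proto) and r["src"] in (None, src)
                and r["dst"] in (None, dst)
                and port_ok(r["src_port"], sport) and port_ok(r["dst_port"], dport)
                and (not r["est"] or {"ACK", "RST"} & set(flags))):  # established = ACK or RST set
            return r["action"]
    return "deny"

if __name__ == "__main__":
    exch, peer = "195.229.36.85", "203.0.113.10"   # peer address is constructed
    # Reply from a remote SMTP server to a session the Exchange server opened
    for name, acl in (("asker", ASKER_ACL), ("reply", REPLY_ACL)):
        print(name, evaluate(acl, "tcp", peer, 25, exch, 40000, {"SYN", "ACK"}))
```

The same evaluator shows that a bare SYN sourced from port 25 does not match the `established` rules and falls through to the final deny.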
