Cisco Support Community
New Member

Access-list HELP

Dear Ciscoer,

Please help me to create an access list from inside to outside. Permit only http, smtp, and pop3. These were created, but I can access only some web sites, and I cannot use SMTP but can use POP.

==========================================================

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp

----------------------------------------------------------------------------------------------------

What other ports are supposed to be open?

Thanks in advance

4 REPLIES
Gold

Re: Access-list HELP

From my other post ---

As you say you have access-lists, so

Do the following: open a text editor (Notepad) and write your ACLs, i.e.

>no access-list inside

>access-list inside permit tcp host any eq 80

>access-list inside permit tcp host any eq 443

>access-list inside permit tcp host any eq 25

..and so on...

Now don't forget to apply this to the inside interface with an access-group command.

>access-group inside in interface inside

As soon as you are happy with your ACLs, paste them back onto the PIX and make sure you save it, i.e. pix# wr m (write memory)

And that should do it.

Hope this helps --

New Member

Re: Access-list HELP

1. ACL for outbound connections:

access-list outbound remark WWW

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https

access-list outbound remark Email

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq pop3

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq smtp

access-list outbound remark NS

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain

access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain

-----------------------------------------------

access-group outbound in interface inside

----------------------------------------------

clear xlate

----

If you use local servers (proxy, NS, SMTP), use only the host addresses in these access-lists.

2. SMTP

Don’t forget to open an inbound connection for incoming emails on the outside interface :).

static (inside,outside) publicIP 192.168.10.x netmask 255.255.255.255

access-list inbound permit tcp any host publicIP eq smtp

access-group inbound in interface outside
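
The outbound ACL from the question and the one from the reply above, evaluated against a few outbound flows. This is an added example, not part of either post: the evaluator is a simplified model (first matching entry wins, anything unmatched is denied), the reply's ACL is copied with only its first remark line kept, and the inside host address and flow list are constructed for illustration.

```python
import ipaddress

PORTS = {"www": 80, "https": 443, "smtp": 25, "pop3": 110, "domain": 53}  # PIX port keywords
QUESTION_ACL = """\
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp
"""

REPLY_ACL = """\
access-list outbound remark WWW
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq smtp
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain
access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain
"""

def parse(acl_text):
    """Parse the one ACE shape used in the thread: permit <proto> <net> <mask> any eq <port>."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        action, proto, net, mask, dst, op, port = tok[2:9]
        if dst != "any" or op != "eq":
            raise ValueError("unsupported ACE: " + line)
        rules.append((action, proto, ipaddress.ip_network(f"{net}/{mask}"), PORTS.get(port) or int(port)))
    return rules

def decide(rules, proto, src_ip, dst_port):
    """First matching entry wins; traffic that matches no entry hits the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_net, r_port in rules:
        if r_proto == proto and src in r_net and r_port == dst_port:
            return action
    return "deny"

# Constructed sample flows from one inside host (the host address is a placeholder).
FLOWS = [("udp", 53, "DNS"), ("tcp", 443, "HTTPS"), ("tcp", 80, "HTTP"),
         ("tcp", 25, "SMTP"), ("tcp", 110, "POP3")]

def report(acl_text, host="192.168.10.25"):
    rules = parse(acl_text)
    return {name: decide(rules, proto, host, port) for proto, port, name in FLOWS}

if __name__ == "__main__":
    print({"question": report(QUESTION_ACL), "reply": report(REPLY_ACL)})
```

Under the question's ACL the DNS and HTTPS flows fall through to the implicit deny, while the reply's ACL permits all five. Outbound SMTP is permitted by both, which matches the reply treating incoming mail as a separate inbound rule on the outside interface.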

Gold

Re: Access-list HELP

Hi --

The previous post from David has a 'clearer explanation' for your problem - my post only has half the info, so sorry for that.

Jay.

New Member

Re: Access-list HELP

Thank you

HATO
