Access-list HELP

j.hato
Level 1

Dear Ciscoer,

Please help me to create an access list from inside to outside. Permit only HTTP, SMTP, and POP3. These were created, but some websites I can access; cannot SMTP, but can POP.

==========================================================

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp

----------------------------------------------------------------------------------------------------

What other port is supposed to be open?

Thanks in advance

4 Replies

jmia
Level 7

From my other post ---

As you say you have access-lists, so

Do the following: open a text editor (Notepad) and write your ACLs, i.e.

>no access-list inside

>access-list inside permit tcp host any eq 80

>access-list inside permit tcp host any eq 443

>access-list inside permit tcp host any eq 25

..and so on...

Now don't forget to apply this to the inside interface with an access-group command.

>access-group inside in interface inside

As soon as you are happy with your ACLs, paste them back onto the PIX and make sure you save it, i.e. pix# wr m (write memory).

And that should do it.

Hope this helps --

1. ACL for outbound connections:

access-list outbound remark WWW

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https

access-list outbound remark Email

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq pop3

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq smtp

access-list outbound remark NS

access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain

access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain

-----------------------------------------------

access-group outbound in interface inside

----------------------------------------------

clear xlate

----

If you use local servers (proxy, NS, SMTP), use only host addresses in these access-lists.

2. SMTP

Don't forget to open an inbound connection for incoming emails on the outside interface :).

static (inside,outside) publicIP 192.168.10.x netmask 255.255.255.255

access-list inbound permit tcp any host publicIP eq smtp

access-group inbound in interface outside
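The reply above adds HTTPS and DNS (tcp and udp 53) to the original poster's outbound ACL. As an added example that is not part of this thread, the following script parses PIX-style `access-list ... permit ... any eq PORT` lines and reports which of an assumed required set of outbound services (HTTP, HTTPS, SMTP, POP3, DNS over tcp and udp) an ACL does not permit; the REQUIRED table and the service names are my assumptions based on the two ACLs in this thread.

```python
import re
from typing import Dict, List, Set, Tuple

# Matches the PIX 6.x access-list syntax used in this thread:
#   access-list NAME permit PROTO SRC_NET SRC_MASK any eq PORT
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+)\s+(?P<mask>\S+)\s+any\s+eq\s+(?P<port>\S+)$"
)

# Keyword-to-port mapping for the service names that appear in the thread.
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "smtp": 25, "pop3": 110, "domain": 53}

# Assumed policy: the protocol/port pairs an outbound web + mail client needs.
# DNS (tcp and udp 53) and HTTPS are the entries the second reply adds that the
# original poster's ACL did not have.
REQUIRED: Dict[str, Tuple[str, int]] = {
    "http": ("tcp", 80),
    "https": ("tcp", 443),
    "smtp": ("tcp", 25),
    "pop3": ("tcp", 110),
    "dns-tcp": ("tcp", 53),
    "dns-udp": ("udp", 53),
}

def parse_acl(config: str) -> Dict[str, Set[Tuple[str, int]]]:
    """Return {acl_name: {(proto, port), ...}} for every matching permit ACE."""
    acls: Dict[str, Set[Tuple[str, int]]] = {}
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # remarks, access-group, blanks and unknown syntax are skipped
        port = m.group("port")
        port_num = int(port) if port.isdigit() else PORT_NAMES.get(port)
        if port_num is None:
            continue  # unknown service keyword; not counted as permitted
        acls.setdefault(m.group("name"), set()).add((m.group("proto"), port_num))
    return acls

def missing_services(config: str, acl_name: str) -> List[str]:
    """Names of REQUIRED services the named ACL does not permit."""
    allowed = parse_acl(config).get(acl_name, set())
    return [svc for svc, pair in REQUIRED.items() if pair not in allowed]

# Constructed sample: the original poster's three-line ACL from this thread.
ORIGINAL_ACL = """\
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp
"""

if __name__ == "__main__":
    print("missing from acl_out:", missing_services(ORIGINAL_ACL, "acl_out"))
```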

Hi --

The previous post from David has a 'clearer explanation' for your problem. My post only has half the info, so sorry for that.

Jay.

Thank you

HATO