Cisco Support Community
New Member

Access-list

Hi,

OK, like this: I want to deny network 192.168.1.0/24 from sending email using port 25 (SMTP) and want to allow only 192.168.1.2 to send email. The config below is not working; it denies all TCP 25:

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside

Any idea what's wrong with my config?

Thanks

5 REPLIES

Re: Access-list

Hi, try this:

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside

I hope it helps. Please rate it if it does!

New Member

Re: Access-list

Oops, my access-list is upside down? If I want to allow another host, 192.168.1.3, should I repeat the same procedure, starting from permit tcp 192.168.1.3 and then deny other tcp 25?

Re: Access-list

Yes

New Member

Re: Access-list

Alright dude, it works, thanks.

New Member

Re: Access-list

Hi Tonny,

Change the sequence like that.

Keep in mind that once you have a "deny match" no further ACL statements will be checked.

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside

Cheers

Claudio
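
Added example, not part of any post in this thread: a small Python model of top-down, first-match ACL evaluation that shows why the original ordering blocks 192.168.1.2 and flags lines that can never match because an earlier line covers them. The parser handles only the statement forms used in this thread; the function names and the destination address used for testing are assumptions made for illustration.

```python
import ipaddress

# Constructed from the thread: the original post's order and the replies' order.
ORIGINAL = """
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound permit ip any any
"""
FIXED = """
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit ip any any
"""

def parse_addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NET MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(text):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue  # skip access-group and anything else
        src, rest = parse_addr(tok[4:])
        dst, rest = parse_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None  # None = any port
        rules.append((tok[2], tok[3], src, dst, port, line.strip()))
    return rules

def covers(a, b):
    """True if rule a matches every packet that rule (or packet) b matches."""
    return (a[1] in ("ip", b[1]) and b[2].subnet_of(a[2])
            and b[3].subnet_of(a[3]) and a[4] in (None, b[4]))

def evaluate(rules, proto, src, dst, port):
    """The first matching line decides; no match at all is an implicit deny."""
    pkt = ("", proto, ipaddress.ip_network(src + "/32"),
           ipaddress.ip_network(dst + "/32"), port)
    return next((r[0] for r in rules if covers(r, pkt)), "deny")

def shadowed(rules):
    """Lines that can never match because an earlier line covers them."""
    return [r[5] for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]
```

Running `shadowed(parse_acl(ORIGINAL))` returns the host permit line, which is the symptom described in the first post; the same check on `FIXED` returns an empty list.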
