
Accesslist on pix 525

shawn.s
Level 1

I only want IP addresses on a specific subnet to be able to send SMTP traffic to my email server. I have tried the following access-lists but cannot get traffic to pass.

access-list acl_grp permit tcp host myipaddress host theirsubnet eq smtp and I reversed the order of the addresses. I am wondering if the access-list command does not recognize entire subnets? example: 209.165.201.0 ?

2 Replies

shawn.s
Level 1

Maybe I wasn't clear enough. I just want to create an access list that only allows hosts on a specified subnet to pass SMTP traffic to my email server.

MARTY ADKINS
Level 1

It handles subnets fine but you have to use that syntax. Instead of "host subnet" you need "subnet subnet-mask". And from what you wrote about the purpose, I think you need to reverse the source/dest, assuming the ACL gets applied to the outside interface.

access-list acl_grp permit tcp theirsubnet subnet-mask gt 1023 host my-email-server eq smtp

HTH,

- Marty
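
The syntax from the reply above with concrete values filled in, as an added example that is not part of the original posts. 209.165.201.0 is the example subnet from the question; the 255.255.255.0 mask, the mail server address 192.0.2.25 and the `!` annotation lines are assumptions made for illustration.

```cisco
! Added illustration; the mask and the mail server address are
! constructed placeholders, not values from the thread.
!
! Does not match the subnet: "host" takes one address, so this entry
! only matches the single source address 209.165.201.0.
! access-list acl_grp permit tcp host 209.165.201.0 host 192.0.2.25 eq smtp
!
! Matches the whole subnet: network address followed by its subnet mask
! (a regular mask, not an IOS-style wildcard mask). Source is the remote
! subnet with a client port above 1023, destination is the mail server
! on the SMTP port.
access-list acl_grp permit tcp 209.165.201.0 255.255.255.0 gt 1023 host 192.0.2.25 eq smtp
!
! Bind the list inbound on the outside interface, as the reply assumes.
access-group acl_grp in interface outside
```

Once the list is bound, anything arriving on that interface that is not matched by a permit entry falls through to the implicit deny at the end of the list. `show access-list acl_grp` displays per-entry hit counts, which confirms whether SMTP connections from the subnet are matching the permit line.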
