New Member

Accesslist on pix 525

I only want IP addresses on a specific subnet to be able to send SMTP traffic to my email server. I have tried the following access-lists but cannot get traffic to pass.

access-list acl_grp permit tcp host myipaddress host theirsubnet eq smtp

and I reversed the order of the addresses. I am wondering if the access-list command does not recognize entire subnets? Example: 209.165.201.0?

2 REPLIES
New Member

Re: Accesslist on pix 525

Maybe I wasn't clear enough. I just want to create an access list that only allows hosts on a specified subnet to pass SMTP traffic to my email server.

New Member

Re: Accesslist on pix 525

It handles subnets fine but you have to use that syntax. Instead of "host subnet" you need "subnet subnet-mask". And from what you wrote about the purpose, I think you need to reverse the source/dest, assuming the ACL gets applied to the outside interface.

access-list acl_grp permit tcp theirsubnet subnet-mask gt 1023 host my-email-server eq smtp

HTH,

- Marty
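An added example, not part of the original replies: a small Python matcher for the subset of PIX ACL syntax used in this thread, showing why `host 209.165.201.0` matches a single address while `209.165.201.0 255.255.255.0` matches the whole subnet. The 255.255.255.0 mask, the mail server address 192.0.2.25 and the helper names are assumptions made for the illustration.

```python
import ipaddress

PORTS = {"smtp": 25}  # the only named port used in this thread

def _addr(tok):
    """Consume one address spec: 'host A', 'any', or 'A MASK' (a subnet mask)."""
    if tok[0] == "host":                      # shorthand for A 255.255.255.255
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def _port(tok):
    """Consume an optional 'eq P' or 'gt P' test; absent means any port."""
    if tok and tok[0] in ("eq", "gt"):
        n = PORTS.get(tok[1]) or int(tok[1])
        test = (lambda p: p == n) if tok[0] == "eq" else (lambda p: p > n)
        return test, tok[2:]
    return (lambda p: True), tok

def parse(line):
    """Parse 'access-list NAME permit tcp SRC [port] DST [port]'."""
    tok = line.split()[4:]
    src, tok = _addr(tok)
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, tok = _port(tok)
    return src, sport, dst, dport

def permits(line, sip, sp, dip, dp):
    """True if the entry matches a TCP packet sip:sp -> dip:dp."""
    src, sport, dst, dport = parse(line)
    return (ipaddress.ip_address(sip) in src and sport(sp)
            and ipaddress.ip_address(dip) in dst and dport(dp))

# Constructed entries: the 'host subnet' form from the question (addresses
# reversed so the sender is the source) and the form given in the reply.
ASKER = "access-list acl_grp permit tcp host 209.165.201.0 host 192.0.2.25 eq smtp"
FIXED = ("access-list acl_grp permit tcp 209.165.201.0 255.255.255.0 gt 1023 "
         "host 192.0.2.25 eq smtp")

if __name__ == "__main__":
    pkt = ("209.165.201.10", 40000, "192.0.2.25", 25)  # constructed SMTP connection
    print("host form permits:  ", permits(ASKER, *pkt))
    print("subnet form permits:", permits(FIXED, *pkt))
```

On the PIX itself the list has no effect until it is bound to an interface, for example with `access-group acl_grp in interface outside`, and anything the list does not permit is dropped by the implicit deny at its end.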
