
ACL to Protect SMTP (port 25)

Good day all.

I would like to confirm some thoughts and see if anyone has any other methods of protecting SMTP traffic to/from specific servers.

We have an SMTP server in a server VLAN (VLAN 30) and a number of other devices and the community in VLAN 1. Here is my first attempt; could anyone give me a suggestion as to how to do this better?

permit tcp host x.x.x.7 host 10.x.x.24 eq smtp

permit tcp host x.x.x.65 host 10.x.x.24 eq smtp

permit tcp host 10.x.x.25 host 10.x.x.24 eq smtp

permit tcp host x.x.x.238 host 10.x.x.24 eq smtp

permit tcp host x.x.x.240 host 10.x.x.24 eq smtp

permit tcp host x.x.x.6 host 10.x.x.24 eq smtp

permit tcp host 10.x.x.24 any eq smtp

deny tcp any any eq smtp

permit ip any any

10.x.x.24 is the SMTP inbound/outbound server.

This was applied to VLAN 30 in.

Thoughts, comments, suggestions?

Thanks

Scott

2 REPLIES

Re: ACL to Protect SMTP (port 25)

Hello Scott

This is one good way to do this. Are you doing this on the PIX? If so, why don't you try using object-groups? It is much simpler and can scale up to a large number of ACLs.

Do let me know if you need any info on object-groups.

Raj

Re: ACL to Protect SMTP (port 25)

Hi Scott

I would also agree with Raj; your setup looks good. Again, as Raj mentions, if you have a large number of ACLs then object-grouping is a better method. Also, is this on a router or PIX?

Jay
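
Added example, not part of the thread and not Cisco code: a small Python model of the ACL above with the six per-host permits written as one group rule, the way an object-group expands into one entry per member, and evaluated first-match. The addresses are constructed stand-ins for the redacted ones, the name SMTP_SENDERS is hypothetical, and the model covers rule order only, not the interface or direction the ACL is applied to.

```python
import ipaddress

# Constructed stand-ins for the thread's redacted addresses (x.x.x.7, 10.x.x.24, ...).
SMTP_SERVER = "10.0.30.24"
SMTP_SENDERS = ["192.0.2.7", "192.0.2.65", "10.0.30.25",
                "192.0.2.238", "192.0.2.240", "192.0.2.6"]  # hypothetical group name

def expand(action, proto, src, dst, port=None):
    """A rule whose source is a group (list) becomes one entry per member."""
    members = src if isinstance(src, list) else [src]
    return [(action, proto, m, dst, port) for m in members]

def build_acl():
    """Same rule order as the posted ACL; the host permits come from one group rule."""
    return (expand("permit", "tcp", SMTP_SENDERS, SMTP_SERVER, 25)
            + expand("permit", "tcp", SMTP_SERVER, "any", 25)
            + expand("deny", "tcp", "any", "any", 25)
            + expand("permit", "ip", "any", "any"))

def _host_ok(spec, addr):
    """True when the rule's address spec is 'any' or the same host as addr."""
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def evaluate(acl, proto, src, dst, dport):
    """First match wins; returns (action, entry index). No match is the implicit deny."""
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if r_proto != "ip" and r_proto != proto:
            continue  # a tcp entry never matches non-tcp traffic
        if r_port is not None and r_port != dport:
            continue  # entry is limited to one destination port
        if _host_ok(r_src, src) and _host_ok(r_dst, dst):
            return action, i
    return "deny", None

if __name__ == "__main__":
    acl = build_acl()
    # Constructed probe packets: (protocol, source, destination, destination port)
    probes = [("tcp", "192.0.2.7", SMTP_SERVER, 25),      # listed sender to server
              ("tcp", "10.0.1.50", SMTP_SERVER, 25),      # unlisted host to server
              ("tcp", SMTP_SERVER, "198.51.100.10", 25),  # server sending outbound
              ("tcp", "10.0.1.50", "198.51.100.10", 25),  # unlisted host sending direct
              ("tcp", "10.0.1.50", SMTP_SERVER, 80)]      # non-SMTP traffic
    for p in probes:
        print(p, "->", evaluate(acl, *p))
```

Adding or removing a sender changes only the group list; the four rules and their order stay the same.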
