Newbie here trying to implement a simple ACL. I want to block spam originating from our network. Say my network is 188.8.131.52/24 and my email server is 184.108.40.206. I want all my users to use this server as their only SMTP server (basically preventing others from running their own SMTP server). How do I achieve this? I guess I am confused about which interface I apply the ACL on and in what direction (most probably the out direction).
My Network : 220.127.116.11/24
Mail server: 18.104.22.168
ip address 22.214.171.124 255.255.255.0
Int s1/0 (connected our upstream provider)
ip address 126.96.36.199 255.255.255.252
ip route 0.0.0.0 0.0.0.0 s1/0
ip access-list extended trafficcop
permit tcp any host 188.8.131.52 eq smtp
deny tcp any 184.108.40.206 0.0.0.255 eq smtp
My question is: will the access-list above solve my problem? And where do I apply this access list?
Will it be on f0/0 - "ip access-group trafficcop out"?
Keep in mind there's always an implicit "deny everything" at the end of an ACL, so your ACL will permit SMTP from 220.127.116.11 and BLOCK EVERYTHING ELSE, not just other SMTP traffic, which is probably not what you want.
Also, it's usually best to apply an ACL as incoming on an interface, since the router then doesn't have to process the packet only to find it has to drop it as it goes out the other interface, which just wastes CPU cycles.
So, having said that, what you want is something like the following:
access-list 100 permit tcp host 18.104.22.168 any eq smtp
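
An added example, not part of the thread or of either poster's configuration: a small first-match ACL evaluator in Python that shows the implicit deny described in the reply. The addresses (192.0.2.0/24, 192.0.2.25, 198.51.100.10) are constructed, `EGRESS_ACL` is an assumed policy for inbound use on the LAN-facing interface, and only the subset of IOS extended-ACL syntax used here is parsed.

```python
import ipaddress

PORTS = {"smtp": 25}  # subset of IOS port keywords needed here

def parse_addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # ipaddress accepts the wildcard (host mask) form, e.g. 192.0.2.0/0.0.0.255
    return ipaddress.ip_network(first + "/" + tok.pop(0))

def parse_rule(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = None
    if tok and tok[0] == "eq":  # optional destination port
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match means the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, r_proto, r_src, r_dst, r_port = parse_rule(line)
        if r_proto in ("ip", proto) and s in r_src and d in r_dst \
                and r_port in (None, dport):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

# Constructed addresses: LAN 192.0.2.0/24, mail server 192.0.2.25.
# Same shape as the ACL in the question (destination-based, no final permit).
QUESTION_ACL = [
    "permit tcp any host 192.0.2.25 eq smtp",
    "deny tcp any 192.0.2.0 0.0.0.255 eq smtp",
]
# Assumed egress policy, matched on source, for inbound use on the LAN interface.
EGRESS_ACL = [
    "permit tcp host 192.0.2.25 any eq smtp",
    "deny tcp 192.0.2.0 0.0.0.255 any eq smtp",
    "permit ip any any",
]

if __name__ == "__main__":
    web = ("tcp", "192.0.2.50", "198.51.100.10", 80)
    rogue_smtp = ("tcp", "192.0.2.50", "198.51.100.10", 25)
    for name, acl in (("question", QUESTION_ACL), ("egress", EGRESS_ACL)):
        print(name, "web:", evaluate(acl, *web), "smtp:", evaluate(acl, *rogue_smtp))
```

With the question-shaped list, a workstation's web traffic is dropped by the implicit deny; with the assumed egress list, only SMTP from hosts other than the mail server is dropped.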