10-27-2005 01:01 PM - edited 03-09-2019 12:51 PM
We have a PIX 515E Version 6.3(3).
I'd like to prevent all inside IPs from sending traffic on port 25 EXCEPT our mail server.
Using inside network 10.10.10.xxx
Outside IP 63.252.xxx.xxx
Mail Server 10.10.10.9
Would these work?
access-list smtp_in permit tcp 10.10.10.9 255.255.255.255 63.252.xxx.xxx 255.255.255.255 eq smtp
access-list smtp_in deny tcp any host 63.252.xxx.xxx eq smtp
10-27-2005 01:26 PM
You need to add
access-list smtp_in permit tcp host 10.10.10.9 any eq 25
access-list smtp_in deny tcp any any eq 25
access-list smtp_in permit ip any any
Don't forget to apply the ACLs to the inside interface with the command
access-group smtp_in in interface inside
Franco
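A first-match walk through the three entries in the answer above, as an added example that is not part of the original thread. It is a simplified Python model (protocol, source address and destination port only; the sample packets are constructed) and relies on the fact that an ACL bound with access-group is evaluated top-down and ends in an implicit deny.

```python
import ipaddress

# The three entries from the answer, modelled as
# (action, protocol, source network, destination port or None for any).
# Destination address is always "any", as in the answer.
SMTP_IN = [
    ("permit", "tcp", "10.10.10.9/32", 25),    # permit tcp host 10.10.10.9 any eq 25
    ("deny",   "tcp", "0.0.0.0/0",     25),    # deny tcp any any eq 25
    ("permit", "ip",  "0.0.0.0/0",     None),  # permit ip any any
]

def evaluate(acl, proto, src, dport):
    """Return (action, entry_number); entry 0 means the implicit deny was hit."""
    src_ip = ipaddress.ip_address(src)
    for n, (action, acl_proto, net, port) in enumerate(acl, start=1):
        if acl_proto != "ip" and acl_proto != proto:
            continue  # "ip" matches every protocol, otherwise it must be equal
        if src_ip not in ipaddress.ip_network(net):
            continue
        if port is not None and port != dport:
            continue
        return action, n  # first matching entry decides, later ones are ignored
    return "deny", 0      # nothing matched: implicit deny at the end of the ACL

# Constructed sample traffic arriving on the inside interface.
SAMPLE = [
    ("tcp", "10.10.10.9", 25),   # mail server sending SMTP
    ("tcp", "10.10.10.50", 25),  # workstation sending SMTP directly
    ("tcp", "10.10.10.50", 80),  # workstation browsing
    ("udp", "10.10.10.50", 53),  # workstation DNS lookup
]

def report(acl):
    """Evaluate every sample packet against the given ACL."""
    return [evaluate(acl, *pkt) for pkt in SAMPLE]

if __name__ == "__main__":
    variants = {
        "as posted": SMTP_IN,
        "without permit ip any any": SMTP_IN[:2],
        "deny entry moved first": [SMTP_IN[1], SMTP_IN[0], SMTP_IN[2]],
    }
    for label, acl in variants.items():
        print(label)
        for pkt, result in zip(SAMPLE, report(acl)):
            print("  ", pkt, "->", result)
```

Without the third entry, every packet that is not SMTP from the mail server falls through to the implicit deny, and with the deny entry moved first the mail server itself is blocked.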
10-27-2005 01:39 PM
Worked perfectly!
Thanks Franco
10-27-2005 02:27 PM
Hi Franco,
Why do you need access-list smtp_in permit ip any any?
10-27-2005 02:32 PM
Also since this is an inside interface, assuming it has the highest security level, I guess there's an implicit allow rule at the end.