I want to block all incoming traffic except SMTP using an ACL on my Cisco 3640 router. The router is being used as a NAT device. My mail server is in my private LAN and statically NATed with the serial interface IP.
As far as outgoing traffic is concerned, I just want browsing to occur.
Taking all this into consideration, I made this ACL and applied it to my serial interface for inbound traffic. No other ACL was applied to any other interface.
! Thinking it'll allow the reply TCP packets
permit tcp any any established
permit tcp any any eq 25
permit tcp any any eq 53
permit udp any any eq 53
deny ip any any
But that really didn't work as it blocked my browsing.
Looks like you're in need of CBAC. Standard IOS ACLs aren't session-state aware. Looks like you need the IOSFW on your router to achieve what you are trying to do... either that, or control access via the PIX...
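A CBAC configuration for the setup described in this thread, as an added example that is not from the original posts. In the posted ACL the `eq 53` entries match destination port 53, while replies to inside clients' DNS queries arrive with source port 53, and UDP has no `established` equivalent, so those replies fall through to the final deny. The names FWOUT, ACL numbers 101 and 102, the interfaces Serial0/0 and Ethernet0/0, and the addresses 203.0.113.10 (public) and 192.168.1.10 (inside mail server) are placeholders.

```cisco
! Added example; all names, numbers, interfaces and addresses are placeholders.
! Requires an IOS image that includes the firewall feature set (CBAC).
!
! Inspect sessions opened from the inside. For each inspected session CBAC
! places a temporary permit entry ahead of ACL 101 for the return traffic,
! so no "established" or source-port rules are needed on the outside.
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
!
! Outside, inbound: only new SMTP connections to the mail server.
! The inbound ACL is evaluated before NAT rewrites the destination,
! so it matches the public (statically NATed) address.
access-list 101 permit tcp any host 203.0.113.10 eq smtp
access-list 101 deny   ip any any log
!
! Inside, inbound: what LAN hosts may open toward the Internet.
! Evaluated before NAT, so it matches inside addresses.
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq domain
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp host 192.168.1.10 any eq smtp
access-list 102 deny   ip any any log
!
interface Ethernet0/0
 ip access-group 102 in
!
interface Serial0/0
 ip access-group 101 in
 ip inspect FWOUT out
```

`show ip inspect sessions` lists the sessions CBAC is tracking, and the `log` keyword on the deny entries records what the ACLs drop.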