Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

I'm badly stuck. Urgent Help needed!!!!

I want to block all incoming traffic except SMTP using ACL on my cisco 3640 router.Router is being used as NAT device.My mail server is in my private LAN and statically NATed with the serial interface IP.

As far as outgoing traffic is concerned i just want browsing to occur.

Taking all this into consideration, i made this ACL and applied to my serial interface for inbound traffic.No other ACL was applied to any other interface.

Permit tcp any any established( Thinking it'll allow the reply tcp packets)

permit TCP any any eq 25

permit tcp any any eq 53

permit udp any any eq 53.

deny ip any any

But that really didn't work as it blocked my browsing.

Can someone suggest what is wrong in this ACL

1 REPLY
Community Member

Re: I'm badly stuck. Urgent Help needed!!!!

Looks like you're in need of CBAC. Standard IOS ACL's aren't session state aware. Looks like you need the IOSFW on your router to achieve what you are trying to do... either that, or control access vial the pix...

CBAC Info:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca606.html

83
Views
0
Helpful
1
Replies
CreatePlease to create content