Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mail Server, Web Server blocked by Access-list???

I've been trying to apply the 105 access-list to the serial interface inbound to protect these internal networks from the big, bad Internet but I need to allow for a web server and an email server at the static nat address that's been specified. When I apply the access-list, however, I am unable to browse to the web server from the outside, and mail doesn't go through. Internet traffic (browsing) from inside the network seems fine, however.

Any thoughts or advice would be greatly appreciated.

access-list 105 deny ip host 0.0.0.0 any log

access-list 105 deny ip any 255.255.255.128 0.0.0.127 log

access-list 105 deny ip 0.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 log

access-list 105 deny ip 10.0.0.0 0.255.255.255 any log

access-list 105 deny ip 127.0.0.0 0.255.255.255 any log

access-list 105 deny ip 172.16.0.0 0.15.255.255 any log

access-list 105 deny ip 192.168.0.0 0.0.255.255 any log

access-list 105 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255 log

access-list 105 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255 log

access-list 105 deny ip 10.1.0.0 0.0.255.255 any log

access-list 105 permit udp host xxx.xxx.xxx.xxx eq domain xxx.xxx.xxx.xxx 0.0.0.255

access-list 105 permit udp host xxx.xxx.xxx.xxx eq domain xxx.xxx.xxx.xxx 0.0.0.255

access-list 105 permit tcp any eq www xxx.xxx.xxx.xxx 0.0.0.255

access-list 105 permit tcp any eq 8443 xxx.xxx.xxx.xxx 0.0.0.255

access-list 105 permit tcp any eq 443 xxx.xxx.xxx.xxx 0.0.0.255

access-list 105 permit tcp any eq smtp host xxx.xxx.xxx.xxx(static inside global, public)

access-list 105 permit tcp any eq telnet xxx.xxx.xxx.xxx 0.0.0.255

access-list 105 deny ip any any log

Thanks!

3 REPLIES
New Member

Re: Mail Server, Web Server blocked by Access-list???

Move the eq statement to the end of the line.

access-list 105 permit tcp any host xxx.xxx.xxx.xxx(static inside global, public) eq smtp

The format is access-list XXX permit tcp Soucrce IP Source Port Destination IP Destination port.

You are allowing incoming traffic from the ports with your configuration, not allowing it to the port.

New Member

Re: Mail Server, Web Server blocked by Access-list???

Of course...

Excellent...thanks for your help!

New Member

Re: Mail Server, Web Server blocked by Access-list???

try this:

access-list 105 permit tcp host xxx.xxx.xxx.xxx 0.0.0.255 eq www any

130
Views
0
Helpful
3
Replies