Pix Access lists ver 6.2(1)

scopeland · ‎06-25-2002

I have Pix 520 running 6.2(1) and am trying to implement some outbound filtering. Basically I want to deny any host on the inside interface the ability to do pop3 or smtp connections on the outside interface.

I have a mail server on a DMZ that they are supposed to use and it needs to be able to accept pop3 logins and do smtp processes. on both inside and outside.

My access list to deny pop3 and smtp from inside to outside is below, but it does not deny someone from the inside accessing a mail server on the outside. What am I missing?

access-list acl_mail deny tcp any any eq pop3

access-list acl_mail deny tcp any any eq smtp

access-list acl_mail permit ip any any

access-group acl_mail in interface inside

ciscomoderator · ‎07-01-2002

Often times complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.