Pix Access lists ver 6.2(1)

I have a Pix 520 running 6.2(1) and am trying to implement some outbound filtering. Basically I want to deny any host on the inside interface the ability to do pop3 or smtp connections on the outside interface.

I have a mail server on a DMZ that they are supposed to use, and it needs to be able to accept pop3 logins and do smtp processes on both inside and outside.

My access list to deny pop3 and smtp from inside to outside is below, but it does not deny someone from the inside accessing a mail server on the outside. What am I missing?

access-list acl_mail deny tcp any any eq pop3

access-list acl_mail deny tcp any any eq smtp

access-list acl_mail permit ip any any

access-group acl_mail in interface inside

1 REPLY

Re: Pix Access lists ver 6.2(1)

Oftentimes complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
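Added example, not part of the original thread and not Cisco code: a top-down, first-match evaluation of the acl_mail entries posted in the question, run against constructed flows. It shows that the list as written denies POP3 and SMTP to every destination, including the DMZ mail server the inside hosts are supposed to use, and compares it with a hypothetical variant that permits that server first. The DMZ address 192.0.2.25 and all host addresses are assumptions; the thread gives none.

```python
import ipaddress

PORTS = {"pop3": 110, "smtp": 25}  # the named ports used in the thread

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (any/host forms only)."""
    action, proto, *rest = line.split()[2:]
    def take_addr(tok):
        if tok[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]  # 'host A.B.C.D'
    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """Return (action, matching line); entries are checked top-down, first match wins."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if (p in ("ip", proto)
                and ipaddress.ip_address(src) in s
                and ipaddress.ip_address(dst) in d
                and port in (None, dport)):
            return action, line
    return "deny", "(implicit deny at end of list)"

POSTED = [  # entries exactly as posted in the question
    "access-list acl_mail deny tcp any any eq pop3",
    "access-list acl_mail deny tcp any any eq smtp",
    "access-list acl_mail permit ip any any",
]
DMZ_MAIL = "192.0.2.25"  # assumed address; the thread does not give one
VARIANT = [  # hypothetical: permit the DMZ mail server before the denies
    f"access-list acl_mail permit tcp any host {DMZ_MAIL} eq pop3",
    f"access-list acl_mail permit tcp any host {DMZ_MAIL} eq smtp",
] + POSTED
FLOWS = [  # constructed flows from an inside host
    ("tcp", "10.1.1.50", "198.51.100.10", 110),  # POP3 to an outside server
    ("tcp", "10.1.1.50", "198.51.100.10", 25),   # SMTP to an outside server
    ("tcp", "10.1.1.50", DMZ_MAIL, 110),         # POP3 to the DMZ mail server
    ("tcp", "10.1.1.50", "198.51.100.10", 80),   # unrelated web traffic
]

def verdicts(acl):
    """Action taken for each constructed flow, in FLOWS order."""
    return [evaluate(acl, *flow)[0] for flow in FLOWS]

print("posted:", verdicts(POSTED), "variant:", verdicts(VARIANT))
```

Because the list is bound with `access-group acl_mail in interface inside`, it is evaluated for every packet entering the inside interface, whichever interface the destination sits behind.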
