Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

very simple access list need advise

We recently purchase Mailwise service. It is a outsdie 3rd party filtering service.

They have instructed us to lock down the incoming smtp traffic to our network so that our email can be filtered. see below:

If you would like to configure your firewall or router to accept messages only from MailWise. Our network range is

Please accept the entire Class C Range (.1 through .255) as part of a trusted host

Here is my access list i created with the group.

access-list 150 permit tcp any eq smtp

access-group 150 in interface outside

Please let me know if this will do???


Re: very simple access list need advise

Please use wild card mask instead of subnet

like the given below

access-list 150 permit tcp any eq smtp



Hall of Fame Super Silver

Re: very simple access list need advise


Shivlu makes a good suggestion that your mask was not correct. I will make an additional suggestion that if the access list is really as you have shown it then you will probably not like the result of applying that access list to the interface. Since the access list has only a single statement which permits SMTP from a particular range then all other traffic will be denied (because of the implied deny any at the bottom of every access list).

I suggest that you need to add these 2 lines to the access list before you apply it to the interface:

access-list 150 deny tcp any any eq smtp

access-list 150 permit ip any any

And all this assumes that there is no access list existing already on the interface. If there is an existing access list then this logic needs to be integrated into the existing list. If there is an existing list can you post its configuration?