Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
261
Views
0
Helpful
2
Replies

very simple access list need advise

shirwaziri1_2
Level 1
Level 1

‎02-19-2008 11:36 AM - edited ‎03-03-2019 08:46 PM

We recently purchase Mailwise service. It is a outsdie 3rd party filtering service.

They have instructed us to lock down the incoming smtp traffic to our network so that our email can be filtered. see below:

If you would like to configure your firewall or router to accept messages only from MailWise. Our network range is 216.75.199.0/24.

Please accept the entire Class C Range (.1 through .255) as part of a trusted host

Here is my access list i created with the group.

access-list 150 permit tcp 216.75.199.0 255.255.255.0 any eq smtp

access-group 150 in interface outside

Please let me know if this will do???

Labels:
0 Helpful
2 Replies 2

shivlu jain
Level 5
Level 5

‎02-19-2008 11:41 AM

Please use wild card mask instead of subnet

like the given below

access-list 150 permit tcp 216.75.199.0 0.0.0.255 any eq smtp

regards

shivlu

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to shivlu jain

‎02-19-2008 12:01 PM

Shir

Shivlu makes a good suggestion that your mask was not correct. I will make an additional suggestion that if the access list is really as you have shown it then you will probably not like the result of applying that access list to the interface. Since the access list has only a single statement which permits SMTP from a particular range then all other traffic will be denied (because of the implied deny any at the bottom of every access list).

I suggest that you need to add these 2 lines to the access list before you apply it to the interface:

access-list 150 deny tcp any any eq smtp

access-list 150 permit ip any any

And all this assumes that there is no access list existing already on the interface. If there is an existing access list then this logic needs to be integrated into the existing list. If there is an existing list can you post its configuration?

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card