02-19-2008 11:36 AM - edited 03-03-2019 08:46 PM
We recently purchase Mailwise service. It is a outsdie 3rd party filtering service.
They have instructed us to lock down the incoming smtp traffic to our network so that our email can be filtered. see below:
If you would like to configure your firewall or router to accept messages only from MailWise. Our network range is 216.75.199.0/24.
Please accept the entire Class C Range (.1 through .255) as part of a trusted host
Here is my access list i created with the group.
access-list 150 permit tcp 216.75.199.0 255.255.255.0 any eq smtp
access-group 150 in interface outside
Please let me know if this will do???
02-19-2008 11:41 AM
Please use wild card mask instead of subnet
like the given below
access-list 150 permit tcp 216.75.199.0 0.0.0.255 any eq smtp
regards
shivlu
02-19-2008 12:01 PM
Shir
Shivlu makes a good suggestion that your mask was not correct. I will make an additional suggestion that if the access list is really as you have shown it then you will probably not like the result of applying that access list to the interface. Since the access list has only a single statement which permits SMTP from a particular range then all other traffic will be denied (because of the implied deny any at the bottom of every access list).
I suggest that you need to add these 2 lines to the access list before you apply it to the interface:
access-list 150 deny tcp any any eq smtp
access-list 150 permit ip any any
And all this assumes that there is no access list existing already on the interface. If there is an existing access list then this logic needs to be integrated into the existing list. If there is an existing list can you post its configuration?
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: