https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972944#M440513 <HTML><HEAD></HEAD><BODY><P>Hi dario, </P><P></P><P>You would need this:</P><P></P><P>access-list no-inspect deny ip host x.x.x.x host y.y.y.y</P><P>access-list no-inspect permit ip any any</P><P></P><P>class-map no-inspect-class</P><P>&nbsp; match access-list no-inspect</P><P></P><P>policy-map global_policy</P><P>&nbsp; class no-inspect</P><P>&nbsp;&nbsp;&nbsp; inspect esmtp</P><P></P><P></P><P>where x.x.x.x and y.y.y.y are your desired ip's for which you want to disable it. </P><P></P><P>This would deny the ip's from being inspected but other traffic would be.</P><P></P><P></P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Mon, 25 Jun 2012 06:11:19 GMT varrao 2012-06-25T06:11:19Z https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972943#M440511 <P>Hi guys,</P><P></P><P>I have to allow the ESMTP traffic from a defined IP address. I know that the following statement allows me to disable the inspection but I would do more, limiting the "<EM>no inspect esmtp"</EM> to a single IP address.</P><P></P><P><EM>conf t</EM></P><P><EM>policy-map global_policy</EM></P><P><EM>&nbsp; class inspection_default</EM></P><P><EM>&nbsp; no inspect esmtp</EM></P><P><EM>exi</EM></P><P><EM>wr</EM></P><P></P><P>Do you know how to do it?</P><P></P><P>Thanks,</P><P>Dario Vanin</P> Mon, 11 Mar 2019 23:22:31 GMT https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972943#M440511 Dario Francesco Vanin 2019-03-11T23:22:31Z https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972944#M440513 <HTML><HEAD></HEAD><BODY><P>Hi dario, </P><P></P><P>You would need this:</P><P></P><P>access-list no-inspect deny ip host x.x.x.x host y.y.y.y</P><P>access-list no-inspect permit ip any any</P><P></P><P>class-map no-inspect-class</P><P>&nbsp; match access-list no-inspect</P><P></P><P>policy-map global_policy</P><P>&nbsp; class no-inspect</P><P>&nbsp;&nbsp;&nbsp; inspect esmtp</P><P></P><P></P><P>where x.x.x.x and y.y.y.y are your desired ip's for which you want to disable it. </P><P></P><P>This would deny the ip's from being inspected but other traffic would be.</P><P></P><P></P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Mon, 25 Jun 2012 06:11:19 GMT https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972944#M440513 varrao 2012-06-25T06:11:19Z https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972945#M440515 <HTML><HEAD></HEAD><BODY><P>Thanks Varun,</P><P></P><P>so you said that in my scenarioI should use this statement below? I have a single host to allow.</P><P></P><P>access-list no-inspect deny ip host x.x.x.x</P><P></P><P>Thanks,</P><P>Dario</P></BODY></HTML> Mon, 25 Jun 2012 06:17:37 GMT https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972945#M440515 Dario Francesco Vanin 2012-06-25T06:17:37Z https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972946#M440516 <HTML><HEAD></HEAD><BODY><P>Hi&nbsp; Dario,</P><P></P><P>Yes, I would suggest you apply this acl's:</P><P></P><P>access-list no-inspect deny ip host x.x.x.x any</P><P>access-list no-inspect deny ip any host x.x.x.x</P><P>access-list no-inspect permit ip any any</P><P></P><P>Reason being, you would want to exclude bi-directional traffic, to and from the host to any destination.</P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Mon, 25 Jun 2012 06:21:06 GMT https://community.cisco.com/t5/network-security/allow-esmtp-from-defined-ips/m-p/1972946#M440516 varrao 2012-06-25T06:21:06Z