topic Re: Accesslist on pix 525 in Network Security

Accesslist on pix 525

shawn.s — Fri, 21 Feb 2020 07:20:27 GMT

I only want IP addresses on a specific subnet to be able tos end smtp traffic to my email server. I have tried the following access-lists but cannot get traffic to pass.

access-list acl_grp permit tcp host myipaddress host theirsubnet eq smtp and I reversed the order of the addresses. I am wondering if the access-list command does not recognize entire subnets? example: 209.165.201.0 ?

Re: Accesslist on pix 525

shawn.s — Tue, 13 Apr 2004 12:03:09 GMT

Maybe I wasn't clear enough.. I just want to create an access list that only allows hosts on a specified subnet to pass SMTP traffic to my email server.

Re: Accesslist on pix 525

MARTY ADKINS — Tue, 13 Apr 2004 17:18:56 GMT

It handles subnets fine but you have to use that syntax. Instead of "host subnet" you need "subnet subnet-mask". And from what you wrote about the purpose, I think you need to reverse the source/dest, assuming the ACL gets applied to the outside interface.

access-list acl_grp permit tcp theirsubnet subnet-mask gt 1023 host my-email-server eq smtp

HTH,

- Marty