hey everyone...i'm trying to configure a simple ACL to block smtp traffic from leaving my LAN -- basically prevent internal users from setting up internet email accounts in their email clients and sending through that smtp server. i want my Exchange server only to send smtp traffic. here's what i have:
access-list 102 extended permit tcp host 10.10.1.29 eq smtp any eq smtp <===10.10.1.29 is Exchange
access-list 102 extended deny tcp any eq smtp any eq smtp
access-list 102 extended permit ip any any
access-group 102 in interface inside
after i apply this ACL to the ASA, i am still able to send from my internet email address setup in Outlook using my "foreign" smtp server. what am i missing? Thanks very much.
many email-clients send mail through port tcp/587 which is used for SMTP with authentication. You need to block that as well.
And your ACL is wrong. It has to be that:
access-list 102 extended permit tcp host 10.10.1.29 any eq smtp access-list 102 extended deny tcp any any eq smtp access-list 102 extended deny tcp any any eq 587 access-list 102 extended permit ip any any
ProblemTaking a snapshot of ISE virtual machines is not supported but it still happens occasionally due to administrators taking a snapshot manually or an integrated technology that automatically takes snapshots to back up VMs. When taking a snapsho...
Hi all, Is it available on Stealthwatch 7 Client or web interface the ability to import the Netflow Exporters names? I found only the possibility to configure manually the name of each Netflow Exporter, but not a bulk configuration.
User Experience Enhancements
As part of Cisco Customer Experience program, we are working towards a more uniform user experience and terminology harmonization. This program runs across all Cisco security products.
We are ali...
Join us on Thursday, October 10 at 10 am PT to meet the CEO and Founder of Cisco's most recent security investment.
In today’s cybersecurity arms race, how does Cisco stay one step ahead in the battle against attackers? One key strategy is keeping tabs on...