07-21-2019 11:51 PM - edited 02-21-2020 11:08 AM
Hello Team,
We would like to seek your assistance in identifying if ACS connectivity to public ip is legit. We monitored that it was connecting to the said IP using port 25.
How can we block from acs using port 25.
07-22-2019 12:00 AM - edited 07-22-2019 12:03 AM
@ccg-security wrote:How can we block from acs using port 25.
You can use extended ACL on router:
access-list 101 deny tcp host <IP of ACS> any eq 25access-list 101 permit tcp any any
07-22-2019 12:06 AM - edited 07-22-2019 12:07 AM
Hi there,
Why not configure an ACL on the SVI which is your ACS instance gateway. Something like:
! ip access-list ext BLOCK_ACS_25 deny tcp <acs_ip> any eq 25 permit ip any any ! int vlan 200 ip access-group BLOCK_ACS_25 in !
cheers,
Seb.
07-22-2019 08:42 PM
why is that our ACS is communicating outside (public ip) using port 25?
07-22-2019 10:56 PM
Have you tried resolving the IP address?
Does the IP address appear in ACS? Maybe it is a destination for email notifications:
https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/user/guide/acsuserguide/viewer_sys_ops.html#59952
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
