Hello,
I want to allow a single host to send SMTP traffic (port 25) only to a specific network range. SMTP traffic to the rest of the internet should be denied. The host comes from the inside of the network. I've created the following ACL for the outside interface of the Cisco router:
ACL:
! only allow host 77.77.208.5 to send smtp traffic to the network 77.77.192.0/19
access-list 102 permit tcp host 77.77.208.5 eq smtp 77.77.192.0 0.0.31.255
! deny smtp traffic from host 77.77.208.5 to the whole internet
access-list 102 deny tcp host 77.77.208.5 eq smtp any
! allow all other ip
access-list 102 permit ip any any
Config:
!
interface GigabitEthernet0/1.60
description External Interface to internet
encapsulation dot1Q 60
ip address 77.77.206.229 255.255.255.224
ip access-group 102 out
...
...
...
!
But it seems that the rules do not appear:
Extended IP access list 102
10 permit tcp host 77.77.208.5 eq smtp 77.77.192.0 0.0.31.255
20 deny tcp host 77.77.208.5 eq smtp any
30 permit ip any any (144308583 matches)
Any hints?
Thanks,
Thomas
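The hit counters in the post can be reproduced with a small first-match model of the three entries. This is an added example, not part of the original post. It relies on IOS extended ACL syntax, where an `eq` that follows the source address tests the source port. The `DST_PORT` variant, the two packets and the client port 49152 are constructed for illustration.

```python
import ipaddress

PORTS = {"smtp": 25}  # only the port name used on the page

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tok.pop(0)), 0
    return ip(first), ip(tok.pop(0))

def take_port(tok):
    """Consume an optional 'eq PORT'; it applies to the address just before it."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        name = tok.pop(0)
        return int(PORTS.get(name, name))
    return None

def parse(line):
    tok = line.split()[2:]  # drop 'access-list 102'
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = take_addr(tok), take_port(tok)
    dst, dport = take_addr(tok), take_port(tok)
    return action, proto, src, sport, dst, dport

def covers(spec, addr):
    base, wild = spec  # wildcard bits set to 1 are ignored
    return ((base ^ ip(addr)) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, sport, dst, dport):
    """First match wins; return (entry position, action)."""
    for n, line in enumerate(acl, 1):
        action, p, s, sp, d, dp = parse(line)
        if (p in ("ip", proto) and covers(s, src) and covers(d, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return n, action
    return None, "deny"  # implicit deny that ends every ACL

AS_POSTED = ["access-list 102 permit tcp host 77.77.208.5 eq smtp 77.77.192.0 0.0.31.255",
             "access-list 102 deny tcp host 77.77.208.5 eq smtp any",
             "access-list 102 permit ip any any"]
# Assumed intent: the same entries with 'eq smtp' moved behind the destination.
DST_PORT = ["access-list 102 permit tcp host 77.77.208.5 77.77.192.0 0.0.31.255 eq smtp",
            "access-list 102 deny tcp host 77.77.208.5 any eq smtp",
            "access-list 102 permit ip any any"]
# Constructed packets: a mail client uses an ephemeral source port, destination port 25.
IN_RANGE = ("tcp", "77.77.208.5", 49152, "77.77.200.10", 25)
ELSEWHERE = ("tcp", "77.77.208.5", 49152, "198.51.100.7", 25)
```

With `AS_POSTED`, both packets fall through to the third entry (sequence 30 in the `show access-lists` output), which matches the counters shown in the post; with `DST_PORT`, the first packet is permitted by the first entry and the second is denied by the second entry.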