11-29-2012 09:35 AM - edited 03-11-2019 05:30 PM
Hello everyone,
We have a hosted spam filter service with a 3rd party vendor. My vendor is switching to different spamming services and I need to add an IP address, let's say 44.33.454.32, to the list of allowed systems that can connect to my SMTP service. I am going over my firewall 5510 configs and I think I need to add an entry like this:
“access-list outside-to-inside extended permit tcp object-group obj-44.33.454.32 interface outside eq smtp”
Please have a look at my current configs below and let me know if the above entry is correct. If not, then what is the correct format? Thanks in advance.
object-group network obj-64.11.330.134
 network-object host 64.11.330.135
 network-object host 64.11.330.136
 network-object host 64.11.330.137
 network-object host 64.11.330.138
 network-object host 64.11.330.139
 network-object host 64.11.330.140
 network-object host 64.11.330.141
 network-object host 64.11.330.142
 network-object host 64.11.330.143
 network-object host 64.11.330.144
 network-object host 64.11.330.145
 network-object host 64.11.330.146
object-group network obj-208.44.115.70
 network-object host 208.44.115.71
 network-object host 208.44.115.72
 network-object host 208.44.115.73
 network-object host 208.44.115.74
 network-object host 208.44.115.75
 network-object host 208.44.115.76
 network-object host 208.44.115.77
 network-object host 208.44.115.78
object-group network obj-208.60.430.644
 network-object host 208.60.430.645
 network-object host 208.60.430.646
 network-object host 208.60.430.647
 network-object host 208.60.430.648
 network-object host 208.60.430.649
 network-object host 208.60.430.650
 network-object host 208.60.430.651
 network-object host 208.60.430.652
access-list outside-to-inside extended permit tcp object-group obj-64.11.330.134 interface outside eq smtp
access-list outside-to-inside extended permit tcp object-group obj-208.44.115.70 interface outside eq smtp
access-list outside-to-inside extended permit tcp object-group obj-208.60.430.644 interface outside eq smtp
access-list outside-to-inside extended permit tcp 64.18.1.3 255.255.240.0 interface outside eq smtp
11-30-2012 11:56 AM
Hello Lawsuites,
The access list looks good to me... If you want, you can also use a single object group and add all the hosts you want to allow; this way you only create one single access list instead of 4 lines.
Example:
object-group network All_host
 network-object host 64.11.330.135
 network-object host 64.11.330.136
 network-object host 64.11.330.137
 network-object host 64.11.330.138
 network-object host 64.11.330.139
 network-object host 64.11.330.140
 network-object host 64.11.330.141
 network-object host 64.11.330.142
 network-object host 64.11.330.143
 network-object host 64.11.330.144
 network-object host 64.11.330.145
 network-object host 64.11.330.146
 network-object host 208.44.115.71
 network-object host 208.44.115.72
 network-object host 208.44.115.73
 network-object host 208.44.115.74
 network-object host 208.44.115.75
 network-object host 208.44.115.76
 network-object host 208.44.115.77
 network-object host 208.44.115.78
 network-object host 208.60.430.64
 network-object host 208.60.430.64
 network-object host 208.60.430.64
 network-object host 208.60.430.64
 network-object host 208.60.430.64
 network-object host 208.60.430.65
 network-object host 208.60.430.65
 network-object host 208.60.430.65
!
access-list outside-to-inside extended permit tcp object-group All_host interface outside eq smtp
With the above object-group you just add a 1-line access list. But you can also do it with different object groups if you want to keep them separate.
Hope it helps,
Juan Lombana
Please rate helpful posts.
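A pre-change check for the kind of ACL lines discussed in this thread, added here as an example (not code from the thread's participants or from Cisco): it flags SMTP permit entries that reference an object-group not defined earlier in the config, hosts repeated inside a group, and address/mask sources whose mask covers a wider network than the address suggests. The sample config, group names and addresses are constructed, and the rule that a group must be defined before an entry references it is an assumption of the check.

```python
import ipaddress
import re

# Constructed sample (documentation addresses, hypothetical group names).
SAMPLE_CONFIG = """\
object-group network old-filter
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object host 192.0.2.11
access-list outside-to-inside extended permit tcp object-group old-filter interface outside eq smtp
access-list outside-to-inside extended permit tcp object-group new-filter interface outside eq smtp
access-list outside-to-inside extended permit tcp 198.51.100.3 255.255.240.0 interface outside eq smtp
"""

ACE = re.compile(r"^access-list \S+ extended permit tcp (.+?) interface outside eq smtp$")


def audit_smtp_acl(config):
    """Audit SMTP permit entries; lines are read in config order."""
    groups, current = {}, None
    findings = {"undefined_groups": [], "duplicate_hosts": [], "host_bits_set": []}
    for raw in config.splitlines():
        line = raw.strip()
        match = ACE.match(line)
        if line.startswith("object-group network "):
            current = line.split()[2]
            groups[current] = []
        elif current and line.startswith("network-object host "):
            host = line.split()[2]
            if host in groups[current]:
                findings["duplicate_hosts"].append((current, host))
            groups[current].append(host)
        elif match:
            current = None
            src = match.group(1).split()
            if src[0] == "object-group" and src[1] not in groups:
                # Assumption: a group must be defined before an ACE uses it.
                findings["undefined_groups"].append(src[1])
            elif len(src) == 2 and src[0] not in ("host", "object-group"):
                # Address plus mask: report the network the mask really covers.
                net = ipaddress.ip_network(f"{src[0]}/{src[1]}", strict=False)
                if str(net.network_address) != src[0]:
                    findings["host_bits_set"].append((src[0], str(net)))
        else:
            current = None
    return findings


if __name__ == "__main__":
    print(audit_smtp_acl(SAMPLE_CONFIG))
```
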
12-01-2012 10:03 AM
Thanks Juan.