Add ip address for smtp services asa5510

lawsuites
Level 1

Hello everyone,

We have a hosted spam filter service with a 3rd party vendor. My vendor is switching to different spamming services and I need to add an IP address, let's say 44.33.454.32, to the list of allowed systems that can connect to my SMTP service. I am going over my firewall 5510 configs and I think I need to add the entry like this:

“access-list outside-to-inside extended permit tcp object-group obj-44.33.454.32 interface outside eq smtp”

Please have a look at my current configs below and let me know if the above entry is correct. If not, what is the correct format? Thanks in advance.

    object-group network obj-64.11.330.134
     network-object host 64.11.330.135
     network-object host 64.11.330.136
     network-object host 64.11.330.137
     network-object host 64.11.330.138
     network-object host 64.11.330.139
     network-object host 64.11.330.140
     network-object host 64.11.330.141
     network-object host 64.11.330.142
     network-object host 64.11.330.143
     network-object host 64.11.330.144
     network-object host 64.11.330.145
     network-object host 64.11.330.146
    object-group network obj-208.44.115.70
     network-object host 208.44.115.71
     network-object host 208.44.115.72
     network-object host 208.44.115.73
     network-object host 208.44.115.74
     network-object host 208.44.115.75
     network-object host 208.44.115.76
     network-object host 208.44.115.77
     network-object host 208.44.115.78
    object-group network obj-208.60.430.644
     network-object host 208.60.430.645
     network-object host 208.60.430.646
     network-object host 208.60.430.647
     network-object host 208.60.430.648
     network-object host 208.60.430.649
     network-object host 208.60.430.650
     network-object host 208.60.430.651
     network-object host 208.60.430.652
    access-list outside-to-inside extended permit tcp object-group obj-64.11.330.134 interface outside eq smtp
    access-list outside-to-inside extended permit tcp object-group obj-208.44.115.70 interface outside eq smtp
    access-list outside-to-inside extended permit tcp object-group obj-208.60.430.644 interface outside eq smtp
    access-list outside-to-inside extended permit tcp 64.18.1.3 255.255.240.0 interface outside eq smtp

Accepted Solutions

julomban
Level 3

Hello Lawsuites,

The access list looks good to me... If you want, you can also use a single object group and add all the hosts you want to allow; this way you only create one single access list instead of 4 lines.

Example:

    object-group network All_host
     network-object host 64.11.330.135
     network-object host 64.11.330.136
     network-object host 64.11.330.137
     network-object host 64.11.330.138
     network-object host 64.11.330.139
     network-object host 64.11.330.140
     network-object host 64.11.330.141
     network-object host 64.11.330.142
     network-object host 64.11.330.143
     network-object host 64.11.330.144
     network-object host 64.11.330.145
     network-object host 64.11.330.146
     network-object host 208.44.115.71
     network-object host 208.44.115.72
     network-object host 208.44.115.73
     network-object host 208.44.115.74
     network-object host 208.44.115.75
     network-object host 208.44.115.76
     network-object host 208.44.115.77
     network-object host 208.44.115.78
     network-object host 208.60.430.645
     network-object host 208.60.430.646
     network-object host 208.60.430.647
     network-object host 208.60.430.648
     network-object host 208.60.430.649
     network-object host 208.60.430.650
     network-object host 208.60.430.651
     network-object host 208.60.430.652
    !
    access-list outside-to-inside extended permit tcp object-group All_host interface outside eq smtp

With the above object-group you just add a 1-line access list. But you can also do it with different object groups if you want to keep them separate.

Hope it helps,

Juan Lombana

Please rate helpful posts.
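
An added example, not part of the thread or of Cisco's tooling: a small Python check to run over a pasted ASA config before committing an SMTP allowlist change like the one discussed above. It confirms that every object group named in an SMTP permit is defined (and that every defined group is actually referenced) and flags duplicate or malformed host entries; the sample config, group names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in the thread's layout; group names and addresses are
# hypothetical (documentation ranges), not the poster's configuration.
SAMPLE = """\
object-group network SPAM_OLD
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object host 192.0.2.10
object-group network SPAM_NEW
 network-object host 198.51.100.7
 network-object host 198.51.100.300
access-list outside-to-inside extended permit tcp object-group SPAM_OLD interface outside eq smtp
access-list outside-to-inside extended permit tcp object-group SPAM_NWE interface outside eq smtp
"""

GROUP = re.compile(r"object-group network (\S+)$")
HOST = re.compile(r"network-object host (\S+)$")
ACL = re.compile(r"access-list \S+ extended permit tcp object-group (\S+) .*\beq smtp$")

def audit(config):
    """Return (findings, allowed): problems found and hosts the SMTP permits cover."""
    groups, referenced, findings, current = {}, [], [], None
    # Blank lines are dropped: pasted configs often carry them between entries.
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := GROUP.match(line):
            current = groups.setdefault(m.group(1), [])
        elif (m := HOST.match(line)) and current is not None:
            host = m.group(1)
            try:
                ipaddress.IPv4Address(host)
            except ValueError:
                findings.append(("invalid-address", host))
            if host in current:
                findings.append(("duplicate-host", host))
            current.append(host)
        else:
            current = None  # any other line ends the object-group block
            if m := ACL.match(line):
                referenced.append(m.group(1))
    findings += [("undefined-group", g) for g in referenced if g not in groups]
    findings += [("unreferenced-group", g) for g in groups if g not in referenced]
    allowed = sorted({h for g in referenced for h in groups.get(g, [])})
    return findings, allowed

if __name__ == "__main__":
    for kind, value in audit(SAMPLE)[0]:
        print(f"{kind}: {value}")
```

An `unreferenced-group` finding means the new vendor's hosts were defined but no SMTP permit uses them, so their mail would still be dropped; an `undefined-group` finding means the permit line names a group that was never created.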

Thanks Juan.
