tonny_ecmyy
Beginner

Access-list

Hi,

OK, like this: I want to deny network 192.168.1.0/24 from sending email using port 25 (SMTP) and want to allow only 192.168.1.2 to send email. The config below is not working; it denies all TCP 25.

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside

Any idea what's wrong with my config?

Thanks

Accepted Solutions
Fernando_Meza
Rising star

Hi, try this:

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside

I hope it helps. Please rate it if it does!

Oops, my access-list is upside down? If I want to allow another host, 192.168.1.3, should I repeat the same procedure, starting from permit tcp 192.168.1.3 and then deny other tcp 25?

Alright dude, it works, thanks.

c.spescha
Beginner

Hi Tonny

Change the sequence like that.

Keep in mind that once you have a "deny match", no further ACL statements will be checked.

access-list outbound permit tcp host 192.168.1.2 any eq 25

access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25

access-list outbound permit ip any any

access-group outbound in interface inside

cheers

Claudio
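
Added illustration of the ordering point made in the replies (not part of any post in this thread): a simplified first-match model that evaluates both orderings of the posted ACL and flags lines an earlier line fully covers. The parser handles only the syntax shown in the thread, and the `MAIL` destination is a constructed placeholder.

```python
import ipaddress

MAIL = "203.0.113.25"  # constructed documentation address for a mail server
# ACL lines copied from the thread: the original order and the reordered one.
ORIGINAL = [
    "access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25",
    "access-list outbound permit tcp host 192.168.1.2 any eq 25",
    "access-list outbound permit ip any any",
]
FIXED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(line):
    """Parse only the extended-ACL subset used in this thread."""
    tok = line.split()
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return dict(line=line, action=tok[2], proto=tok[3], src=src, dst=dst, port=port)

def evaluate(lines, proto, src, dst, port):
    """First match wins; if nothing matches, the implicit deny applies."""
    for r in map(parse, lines):
        if (r["proto"] in ("ip", proto)
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and r["port"] in (None, port)):
            return r["action"], r["line"]
    return "deny", "(implicit deny)"

def shadowed(lines):
    """Lines that can never match because an earlier line fully covers them."""
    rules = [parse(l) for l in lines]
    return [r["line"] for i, r in enumerate(rules)
            if any(e["proto"] in ("ip", r["proto"])
                   and r["src"].subnet_of(e["src"])
                   and r["dst"].subnet_of(e["dst"])
                   and e["port"] in (None, r["port"]) for e in rules[:i])]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, evaluate(acl, "tcp", "192.168.1.2", MAIL, 25)[0], shadowed(acl))
```

Running `shadowed()` over an ACL before applying it catches a host exception placed below the broader line that covers it, which is the mistake in the original post.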
