11-14-2006 07:03 PM - edited 02-20-2020 09:38 PM
Hi,
OK, like this: I want to deny network 192.168.1.0/24 from sending email using port 25 (SMTP) and want to allow only 192.168.1.2 to send email. The config below is not working; it denies all TCP 25:
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound permit ip any any
access-group outbound in interface inside
Any idea what's wrong with my config?
Thanks
11-14-2006 07:40 PM
Hi, try this:
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit ip any any
access-group outbound in interface inside
I hope it helps. Please rate it if it does!
11-14-2006 08:34 PM
Oops, my access-list is upside down? If I want to allow another host, 192.168.1.3, should I repeat the same procedure, starting from permit tcp 192.168.1.3 and then deny other tcp 25?
11-14-2006 08:43 PM
yes
11-14-2006 09:42 PM
Alright dude, it works, thanks.
11-15-2006 01:19 AM
Hi Tonny,
Change the sequence like that.
Keep in mind that once you have a "deny match" no further ACL statements will be checked.
access-list outbound permit tcp host 192.168.1.2 any eq 25
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list outbound permit ip any any
access-group outbound in interface inside
cheers
Claudio
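An added example, not part of the thread and not Cisco code: a small Python model of first-match ACL evaluation over the two rule orders posted above, plus a check that flags any rule fully covered by an earlier one. It parses only the syntax that appears in this thread (`any`, `host`, network plus mask, `eq` with a numeric port); the destination address 203.0.113.10 is a constructed sample.

```python
import ipaddress

def parse(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (thread's subset only)."""
    t, nets = line.split()[2:], []
    i = 2
    for _ in range(2):                      # source, then destination
        if t[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0")); i += 1
        elif t[i] == "host":
            nets.append(ipaddress.ip_network(t[i + 1] + "/32")); i += 2
        else:                               # network followed by netmask
            nets.append(ipaddress.ip_network(t[i] + "/" + t[i + 1])); i += 2
    port = int(t[i + 1]) if t[i:i + 1] == ["eq"] else None
    return dict(line=line, action=t[0], proto=t[1], src=nets[0], dst=nets[1], port=port)

def evaluate(rules, proto, src, dst, port):
    """Return the action of the first matching rule; later rules are never consulted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["proto"] in ("ip", proto) and s in r["src"] and d in r["dst"]
                and r["port"] in (None, port)):
            return r["action"]
    return "deny"                           # implicit deny that ends every ACL

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a["proto"] in ("ip", b["proto"]) and b["src"].subnet_of(a["src"])
            and b["dst"].subnet_of(a["dst"]) and a["port"] in (None, b["port"]))

def shadowed(rules):
    """List (unreachable rule, earlier rule that covers it) pairs."""
    return [(later["line"], earlier["line"])
            for j, later in enumerate(rules)
            for earlier in rules[:j] if covers(earlier, later)]

# Rule lines copied from the thread: the original order and the corrected order.
ORIGINAL = [parse(l) for l in (
    "access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq 25",
    "access-list outbound permit tcp host 192.168.1.2 any eq 25",
    "access-list outbound permit ip any any")]
FIXED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, evaluate(acl, "tcp", "192.168.1.2", "203.0.113.10", 25), shadowed(acl))
```

Running `shadowed()` over an ACL before applying it catches this kind of ordering mistake: any rule it reports can never match traffic, whether the earlier covering rule is a permit or a deny.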