Beginner

ACS | Open port 25

Hello Team,

 

We would like to seek your assistance in identifying whether ACS connectivity to a public IP is legitimate. We observed that it was connecting to the said IP using port 25.

 

How can we block ACS from using port 25?

 

 

Beginner

Re: ACS | Open port 25


@ccg-security wrote:

How can we block ACS from using port 25?


You can use an extended ACL on the router:

! Block SMTP (TCP/25) sourced from the ACS host; permit all other IP traffic
access-list 101 deny tcp host <IP of ACS> any eq 25
access-list 101 permit ip any any

 

VIP Advisor

Re: ACS | Open port 25

Hi there,

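Why not configure an ACL on the SVI which is your ACS instance gateway? Something like:

!
! Extended ACL: drop SMTP (TCP/25) sourced from the ACS host, allow everything else
ip access-list ext BLOCK_ACS_25
  deny tcp host <acs_ip> any eq 25
  permit ip any any
!
! Apply inbound on the SVI that is the ACS gateway
int vlan 200
  ip access-group BLOCK_ACS_25 in
!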

cheers,

Seb.

Beginner

Re: ACS | Open port 25

Why is it that our ACS is communicating outside (public IP) using port 25?

VIP Advisor

Re: ACS | Open port 25

Hi there,

Have you tried resolving the IP address?

 

Does the IP address appear in ACS? Maybe it is a destination for email notifications:

 

https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/user/guide/acsuserguide/viewer_sys_ops.html#59952

 

cheers,

Seb.
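
An added example, not part of any reply above and not the posters' or Cisco's own configuration: a variant of the SVI ACL that still permits SMTP from ACS to one approved mail relay (in case the connection turns out to be the email-notification destination) and logs every other TCP/25 attempt so the destination can be identified. `<acs_ip>`, `<mail_relay_ip>` and the ACL name ACS_SMTP_EGRESS are placeholders; VLAN 200 is taken from the reply above.

```cisco
! Added example. <acs_ip>, <mail_relay_ip> and ACS_SMTP_EGRESS are placeholders.
ip access-list extended ACS_SMTP_EGRESS
  remark Allow ACS email notifications to the approved relay only
  permit tcp host <acs_ip> host <mail_relay_ip> eq 25
  remark Drop and log any other SMTP sourced from ACS
  deny tcp host <acs_ip> any eq 25 log
  remark Leave all other traffic untouched
  permit ip any any
!
interface Vlan200
  ip access-group ACS_SMTP_EGRESS in
!
! Verify from exec mode: per-entry hit counters, then logged denies
! show ip access-lists ACS_SMTP_EGRESS
! show logging | include IPACCESSLOGP
```

If the deny entry's counter keeps incrementing after the relay is permitted, the logged destination addresses are the ones to investigate.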