cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
480
Views
0
Helpful
1
Replies
Beginner

help with acl

I'm trying to block all traffic with the address 192.168.5.6 port 25 from going out of a router.  All port 25 traffic is suppose to leave from a mail server on 192.168.5.201.

the setup is a terminal server on 192.168.5.6 and the mail server is 192.168.5.201

all users send mail thru the mail server via outlook to the mail server, therefore any attempt to send any mail through any other device or system is prohibitted .

If I'm correct the acl would look like the following:

access-list 110 permit tcp 192.168.5.201 0.0.0.255 eq 25

access-list 110 deny tcp 192.168.5.6  0.0.0.255 eq 25

Is the above correct or do I need to drill it down more?.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

help with acl

You can configure the following access-list, and this will also ensure that all your other traffic is not blocked:

access-list 110 permit tcp host 192.168.5.201 any eq 25

access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq 25

access-list 110 permit ip any any

First line will allow only 192.168.5.201 to send email out on port 25

Second line will block/deny any ip address within 192.168.5.0/24 subnet to send email out on port 25

Third line will allow everything else to go through.

Hope this helps.

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

help with acl

You can configure the following access-list, and this will also ensure that all your other traffic is not blocked:

access-list 110 permit tcp host 192.168.5.201 any eq 25

access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq 25

access-list 110 permit ip any any

First line will allow only 192.168.5.201 to send email out on port 25

Second line will block/deny any ip address within 192.168.5.0/24 subnet to send email out on port 25

Third line will allow everything else to go through.

Hope this helps.

View solution in original post

This widget could not be displayed.