help with acl

jonl711
Level 1

I'm trying to block all traffic with the address 192.168.5.6 port 25 from going out of a router. All port 25 traffic is supposed to leave from a mail server on 192.168.5.201.

The setup is a terminal server on 192.168.5.6 and the mail server is 192.168.5.201.

All users send mail through the mail server via Outlook to the mail server, therefore any attempt to send any mail through any other device or system is prohibited.

If I'm correct the acl would look like the following:

access-list 110 permit tcp 192.168.5.201 0.0.0.255 eq 25

access-list 110 deny tcp 192.168.5.6  0.0.0.255 eq 25

Is the above correct or do I need to drill it down more?

Accepted Solutions

Jennifer Halim
Cisco Employee

You can configure the following access-list, and this will also ensure that all your other traffic is not blocked:

access-list 110 permit tcp host 192.168.5.201 any eq 25

access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq 25

access-list 110 permit ip any any

The first line will allow only 192.168.5.201 to send email out on port 25.

The second line will block/deny any IP address within the 192.168.5.0/24 subnet from sending email out on port 25.

The third line will allow everything else to go through.

Hope this helps.
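
The following is an added example, not part of the original thread and not Cisco code: a Python model of first-match ACL evaluation with wildcard masks, run over the answer's ACL and over a constructed variant that reuses the question's source specs (`192.168.5.201 0.0.0.255` and `192.168.5.6 0.0.0.255`) with destination `any` assumed. It shows that a `0.0.0.255` wildcard on a host address matches the whole /24, so the variant's first entry permits port 25 from 192.168.5.6 before the deny is ever reached.

```python
import ipaddress

# Accepted answer's ACL, copied from the thread.
ANSWER_ACL = [
    "access-list 110 permit tcp host 192.168.5.201 any eq 25",
    "access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq 25",
    "access-list 110 permit ip any any",
]
# Constructed variant: the question's source specs, destination "any" assumed.
WIDE_WILDCARD_ACL = [
    "access-list 110 permit tcp 192.168.5.201 0.0.0.255 any eq 25",
    "access-list 110 deny tcp 192.168.5.6 0.0.0.255 any eq 25",
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC any [eq PORT]' (thread's subset only)."""
    t = line.split()
    action, proto, src = t[2], t[3], t[4:]
    if src[0] == "any":
        base, wc, rest = "0.0.0.0", "255.255.255.255", src[1:]
    elif src[0] == "host":
        base, wc, rest = src[1], "0.0.0.0", src[2:]
    else:
        base, wc, rest = src[0], src[1], src[2:]
    if rest[:1] != ["any"]:
        raise ValueError("only destination 'any' is modelled: " + line)
    port = int(rest[2]) if rest[1:2] == ["eq"] else None
    return action, proto, base, wc, port

def evaluate(acl, proto, src_ip, dst_port):
    """Return the action of the first matching entry; implicit deny otherwise."""
    for line in acl:
        action, ace_proto, base, wc, port = parse_ace(line)
        if (ace_proto in ("ip", proto) and wildcard_match(src_ip, base, wc)
                and port in (None, dst_port)):
            return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("answer", ANSWER_ACL), ("wide wildcard", WIDE_WILDCARD_ACL)):
        for src, port in (("192.168.5.201", 25), ("192.168.5.6", 25), ("192.168.5.6", 443)):
            print(name, src, port, evaluate(acl, "tcp", src, port))
```

The variant also denies port 443 from 192.168.5.6, because an ACL without a final `permit ip any any` falls through to the implicit deny.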
