09-08-2011 03:23 PM - edited 02-20-2020 09:42 PM
I'm trying to block all traffic with the address 192.168.5.6 port 25 from going out of a router. All port 25 traffic is supposed to leave from a mail server on 192.168.5.201.
The setup is a terminal server on 192.168.5.6, and the mail server is 192.168.5.201.
All users send mail through the mail server via Outlook to the mail server, therefore any attempt to send any mail through any other device or system is prohibited.
If I'm correct the acl would look like the following:
access-list 110 permit tcp 192.168.5.201 0.0.0.255 eq 25
access-list 110 deny tcp 192.168.5.6 0.0.0.255 eq 25
Is the above correct, or do I need to drill it down more?
09-09-2011 08:52 PM
You can configure the following access-list, and this will also ensure that all your other traffic is not blocked:
access-list 110 permit tcp host 192.168.5.201 any eq 25
access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq 25
access-list 110 permit ip any any
The first line will allow only 192.168.5.201 to send email out on port 25.
The second line will block/deny any IP address within the 192.168.5.0/24 subnet from sending email out on port 25.
The third line will allow everything else to go through.
Hope this helps.
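To check the order-dependent behaviour of the three lines in the answer above, here is a small first-match evaluator, added as an illustration and not part of the original posts. The destination 203.0.113.10, the helper names and the LOOSE_ACL variant (the same list with a 0.0.0.255 wildcard on the mail server entry) are constructed for the example, and the parser only handles the `any`, `host A`, `A WILDCARD` and trailing `eq PORT` forms used in this thread.

```python
import ipaddress

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    tokens = line.split()[2:]                 # drop 'access-list 110'
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = parse_addr(tokens), parse_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF                 # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry, as the router would."""
    for action, p, s, d, port in map(parse_ace, acl):
        if p not in ("ip", proto):
            continue
        if not (addr_match(s, src) and addr_match(d, dst)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"                             # implicit deny at the end of every ACL

ANSWER_ACL = [
    "access-list 110 permit tcp host 192.168.5.201 any eq 25",
    "access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq 25",
    "access-list 110 permit ip any any",
]
# Constructed variant: a 0.0.0.255 wildcard on the first entry matches the whole /24.
LOOSE_ACL = ["access-list 110 permit tcp 192.168.5.201 0.0.0.255 any eq 25"] + ANSWER_ACL[1:]

if __name__ == "__main__":
    for name, acl in (("answer", ANSWER_ACL), ("loose", LOOSE_ACL)):
        for src in ("192.168.5.201", "192.168.5.6"):
            print(name, src, "tcp/25 ->", evaluate(acl, "tcp", src, "203.0.113.10", 25))
```

The list only filters traffic once it is applied to an interface in the right direction, for example with `ip access-group 110 in` on the LAN-facing interface.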