
I'm badly stuck. Urgent Help needed!!!!

wipro_security
Level 1

I want to block all incoming traffic except SMTP using an ACL on my Cisco 3640 router. The router is being used as a NAT device. My mail server is in my private LAN and statically NATed with the serial interface IP.

As far as outgoing traffic is concerned, I just want browsing to occur.

Taking all this into consideration, I made this ACL and applied it to my serial interface for inbound traffic. No other ACL was applied to any other interface.

permit tcp any any established (thinking it'll allow the reply TCP packets)
permit tcp any any eq 25
permit tcp any any eq 53
permit udp any any eq 53
deny ip any any

But that really didn't work as it blocked my browsing.

Can someone suggest what is wrong in this ACL?

1 Reply

bfl1
Level 1

Looks like you're in need of CBAC. Standard IOS ACLs aren't session state aware. Looks like you need the IOSFW on your router to achieve what you are trying to do... either that, or control access via the PIX...

CBAC Info:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca606.html
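
An added example, not part of the original thread: a small Python model of first-match evaluation of the ACL posted in the question, run over constructed inbound packets. Each `eq 53` entry matches port 53 as the destination, so a DNS reply (source port 53) falls through to the final deny, and `established` only tests the ACK/RST bits. The names, the `STATEFUL_ACL` list and the session table are assumptions for illustration, and `stateful_evaluate` is a toy model of session tracking, not CBAC's implementation; addresses are omitted because every entry uses `any any`.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()  # TCP flags that are set

# Entries: (action, proto, destination port or None, needs "established")
POSTED_ACL = [
    ("permit", "tcp", None, True),   # permit tcp any any established
    ("permit", "tcp", 25, False),    # permit tcp any any eq 25
    ("permit", "tcp", 53, False),    # permit tcp any any eq 53
    ("permit", "udp", 53, False),    # permit udp any any eq 53
    ("deny", "ip", None, False),     # deny ip any any
]
# Assumed inbound list for the stateful model: only new SMTP sessions.
STATEFUL_ACL = [("permit", "tcp", 25, False), ("deny", "ip", None, False)]

def evaluate(pkt, acl=POSTED_ACL):
    """First-match evaluation; returns (action, 1-based entry number)."""
    for number, (action, proto, dst_port, established) in enumerate(acl, 1):
        if proto not in ("ip", pkt.proto):
            continue
        if established and not pkt.flags & {"ACK", "RST"}:
            continue  # "established" only looks at the ACK/RST bits
        if dst_port is not None and pkt.dst_port != dst_port:
            continue
        return action, number
    return "deny", 0  # implicit deny at the end of every ACL

def stateful_evaluate(pkt, sessions):
    """Permit replies to sessions opened from inside, else use STATEFUL_ACL."""
    if (pkt.proto, pkt.dst_port, pkt.src_port) in sessions:
        return "permit", 0
    return evaluate(pkt, STATEFUL_ACL)

# Constructed inbound packets arriving on the serial interface.
DNS_REPLY = Packet("udp", 53, 33000)
HTTP_REPLY = Packet("tcp", 80, 40000, frozenset({"ACK"}))
STRAY_ACK = Packet("tcp", 40001, 8080, frozenset({"ACK"}))
# Sessions opened from inside: (proto, inside port, outside port).
SESSIONS = {("udp", 33000, 53), ("tcp", 40000, 80)}

if __name__ == "__main__":
    for name, pkt in [("DNS reply", DNS_REPLY), ("HTTP reply", HTTP_REPLY),
                      ("unsolicited ACK", STRAY_ACK)]:
        print(name, evaluate(pkt), stateful_evaluate(pkt, SESSIONS))
```

Under the posted list the HTTP reply is permitted but the DNS reply is denied, and a TCP segment with ACK set that belongs to no session is permitted; with session tracking the DNS reply is allowed and the unsolicited segment is dropped.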