access list help

jackremboldt
Level 1

I need to make some changes to my internet access list to block port 25 (mail) except from specific networks.

Can anyone help with this?

Original access list

access-list 101 remark Internet-INBOUND

access-list 101 deny ip 10.0.0.0 0.0.0.255 any

access-list 101 deny ip 172.0.0.0 0.31.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip any 10.0.0.0 0.0.0.255

access-list 101 deny ip any 172.0.0.0 0.31.255.255

access-list 101 deny ip any 192.168.0.0 0.0.255.255

access-list 101 deny ip any 127.0.0.0 0.255.255.255

access-list 101 permit ip any 204.94.233.0 0.0.0.255

access-list 101 permit tcp host 160.81.32.205 host 160.81.32.206 eq bgp

access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo

access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo-reply

access-list 101 permit udp host 132.163.4.103 host 204.94.233.2 eq ntp

access-list 101 deny ip any any log

Need to add these

permit tcp 66.179.26.128/26 67.131.172.2/32 port 25

permit tcp 66.179.109.160/27 67.131.172.2/32 port 25

permit tcp 216.183.119.96/27 67.131.172.2/32 port 25

permit tcp 64.92.205.64/27 67.131.172.2/32 port 25

permit tcp 208.65.144.0/21 67.131.172.2/32 port 25

deny tcp any 67.131.172.0/25 port 25

Thanks, Jack

1 Reply

m-haddad
Level 5

Your new ACL should look like this

access-list 101 remark Internet-INBOUND

access-list 101 deny ip 10.0.0.0 0.0.0.255 any

access-list 101 deny ip 172.0.0.0 0.31.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip any 10.0.0.0 0.0.0.255

access-list 101 deny ip any 172.0.0.0 0.31.255.255

access-list 101 deny ip any 192.168.0.0 0.0.255.255

access-list 101 deny ip any 127.0.0.0 0.255.255.255

access-list 101 permit tcp 66.179.26.128 0.0.0.63 host 67.131.172.2 eq smtp

access-list 101 permit tcp 66.179.109.160 0.0.0.31 host 67.131.172.2 eq smtp

access-list 101 permit tcp 216.183.119.96 0.0.0.31 host 67.131.172.2 eq smtp

access-list 101 permit tcp 64.92.205.64 0.0.0.31 host 67.131.172.2 eq smtp

access-list 101 permit tcp 208.65.144.0 0.0.7.255 host 67.131.172.2 eq smtp

access-list 101 permit tcp host 160.81.32.205 host 160.81.32.206 eq bgp

access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo

access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo-reply

access-list 101 permit udp host 132.163.4.103 host 204.94.233.2 eq ntp

access-list 101 permit ip any 204.94.233.0 0.0.0.255 (I don't know if you need this line, because it will allow everything to those specific destinations)

access-list 101 deny ip any any log

Let me know if this helps and rate please,

Thanks,
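As an added check that is not part of the thread: a small first-match ACL evaluator in Python, run over a constructed excerpt of the corrected list written in IOS wildcard syntax. It shows that SMTP from a source outside the listed networks falls through to the final deny, and that the broad "permit ip any 204.94.233.0 0.0.0.255" entry the reply questions still lets port 25 reach that /24.

```python
import ipaddress
PORT_NAMES = {"smtp": 25, "bgp": 179, "ntp": 123}
# Constructed excerpt of the corrected ACL: CIDR sources rewritten
# as IOS wildcard masks (/26 -> 0.0.0.63, /21 -> 0.0.7.255) and
# "port 25" as "eq smtp". Order matters: first match wins.
ACL_TEXT = """
access-list 101 deny ip 10.0.0.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit tcp 66.179.26.128 0.0.0.63 host 67.131.172.2 eq smtp
access-list 101 permit tcp 208.65.144.0 0.0.7.255 host 67.131.172.2 eq smtp
access-list 101 permit tcp host 160.81.32.205 host 160.81.32.206 eq bgp
access-list 101 permit udp host 132.163.4.103 host 204.94.233.2 eq ntp
access-list 101 permit ip any 204.94.233.0 0.0.0.255
access-list 101 deny ip any any log
"""

def _net(tokens):
    """Consume one IOS address spec: any | host A | A WILDCARD."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ wild)  # wildcard -> netmask
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)

def parse_acl(text):
    """Return (action, proto, src, dst, port) tuples in configured order."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _net(rest), _net(rest)
        # "eq smtp" / "eq 25"; a trailing "log" keyword does not affect matching
        port = int(PORT_NAMES.get(rest[1], rest[1])) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Walk the ACL top-down; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto != "ip" and rproto != proto:
            continue
        if s in rsrc and d in rdst and (rport is None or rport == dport):
            return action
    return "deny"

RULES = parse_acl(ACL_TEXT)
```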
