08-28-2006 07:47 AM - edited 03-03-2019 01:47 PM
I need to make some changes to my internet access list to block port 25 (mail) except from specific networks.
Can anyone help with this?
Original access list
access-list 101 remark Internet-INBOUND
access-list 101 deny ip 10.0.0.0 0.0.0.255 any
access-list 101 deny ip 172.0.0.0 0.31.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip any 10.0.0.0 0.0.0.255
access-list 101 deny ip any 172.0.0.0 0.31.255.255
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 deny ip any 127.0.0.0 0.255.255.255
access-list 101 permit ip any 204.94.233.0 0.0.0.255
access-list 101 permit tcp host 160.81.32.205 host 160.81.32.206 eq bgp
access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo
access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo-reply
access-list 101 permit udp host 132.163.4.103 host 204.94.233.2 eq ntp
access-list 101 deny ip any any log
Need to add these
permit tcp 66.179.26.128/26 67.131.172.2/32 port 25
permit tcp 66.179.109.160/27 67.131.172.2/32 port 25
permit tcp 216.183.119.96/27 67.131.172.2/32 port 25
permit tcp 64.92.205.64/27 67.131.172.2/32 port 25
permit tcp 208.65.144.0/21 67.131.172.2/32 port 25
deny tcp any 67.131.172.0/25 port 25
Thanks, Jack
08-28-2006 07:52 AM
Your new ACL should look like this:
access-list 101 remark Internet-INBOUND
access-list 101 deny ip 10.0.0.0 0.0.0.255 any
access-list 101 deny ip 172.0.0.0 0.31.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip any 10.0.0.0 0.0.0.255
access-list 101 deny ip any 172.0.0.0 0.31.255.255
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 deny ip any 127.0.0.0 0.255.255.255
access-list 101 permit tcp 66.179.26.128 0.0.0.63 host 67.131.172.2 eq 25
access-list 101 permit tcp 66.179.109.160 0.0.0.31 host 67.131.172.2 eq 25
access-list 101 permit tcp 216.183.119.96 0.0.0.31 host 67.131.172.2 eq 25
access-list 101 permit tcp 64.92.205.64 0.0.0.31 host 67.131.172.2 eq 25
access-list 101 permit tcp 208.65.144.0 0.0.7.255 host 67.131.172.2 eq 25
access-list 101 permit tcp host 160.81.32.205 host 160.81.32.206 eq bgp
access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo
access-list 101 permit icmp host 160.81.32.205 host 160.81.32.206 echo-reply
access-list 101 permit udp host 132.163.4.103 host 204.94.233.2 eq ntp
access-list 101 permit ip any 204.94.233.0 0.0.0.255 (I don't know if you need this line because this will allow everything to the specific destinations)
access-list 101 deny ip any any log
Let me know if this helps and rate please,
Thanks,
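The rules in the question are written with CIDR prefixes and "port 25", which is not IOS extended ACL syntax. The following is an added example, not code from either poster: it converts those six rules to wildcard-mask form and checks them with a first-match evaluator. The function names and test packets are constructed for illustration, and the evaluator models only these TCP rules.

```python
import ipaddress

# The six rules from the question, in its shorthand: (action, source, destination, TCP port)
REQUESTED = [
    ("permit", "66.179.26.128/26", "67.131.172.2/32", 25),
    ("permit", "66.179.109.160/27", "67.131.172.2/32", 25),
    ("permit", "216.183.119.96/27", "67.131.172.2/32", 25),
    ("permit", "64.92.205.64/27", "67.131.172.2/32", 25),
    ("permit", "208.65.144.0/21", "67.131.172.2/32", 25),
    ("deny", "any", "67.131.172.0/25", 25),
]

def ios_addr(cidr):
    """Render a CIDR block as IOS expects: 'any', 'host x', or 'network wildcard'."""
    if cidr == "any":
        return "any"
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # hostmask is the wildcard mask

def to_ios(acl_id, rule):
    """Build one extended ACL line for a TCP rule (hypothetical helper)."""
    action, src, dst, port = rule
    return f"access-list {acl_id} {action} tcp {ios_addr(src)} {ios_addr(dst)} eq {port}"

def first_match(rules, src_ip, dst_ip, port):
    """Return the action of the first rule matching a TCP packet, top to bottom."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst, rule_port in rules:
        if port != rule_port:
            continue
        if src != "any" and s not in ipaddress.ip_network(src):
            continue
        if dst != "any" and d not in ipaddress.ip_network(dst):
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit deny

if __name__ == "__main__":
    for rule in REQUESTED:
        print(to_ios(101, rule))
    # Constructed test packets: one from an allowed network, one from elsewhere
    print(first_match(REQUESTED, "66.179.26.130", "67.131.172.2", 25))
    print(first_match(REQUESTED, "198.51.100.7", "67.131.172.2", 25))
```

Reversing the rule order makes the allowed sender hit the deny line first, which is why the permit lines have to sit above it in the ACL.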