Hi all. I have a non-Cisco router and it has no sensible capabilities. There seems to be a spam botnet on the internal network (unknown which are infected systems). This router cannot do port blocking from inside to outside and my goal would be to block all systems from using port 25 outbound except the mail server. I have an 891W nearly fully configured which was going to be connecting to a new ISP's on-premise Cisco router as its uplink, so gig0 on this router was configured with a static IP and its next hop was the IP of the ISP's router. Mine is a stub router so is using default route 0.0.0.0 0.0.0.0 gigabitethernet 0 rather than the actual IP of the next hop.
Is there a quick method to reconfigure this WAN interface (gig0) to be a PPPoE client and would that have impact on "normal" other router functions? There are no routing protocols in use, this is a simple Internet gateway for an office. I have NAT and firewall set up already. Although I will need to figure out how to set up the inside-outside zone to block port 25 for all except the mail server. I can post to the IOS Firewall forum on that, or, if anybody here wants to advise, my thinking is this (I'm a little new to zone firewall):
permit tcp <mail server internal IP> any eq smtp
deny tcp any any eq smtp
The class map that governs inside-outside currently has a match-all and does a permit ip any any via a separate ACL, the policy map has inspect on this.
Would I perhaps add "permit ip any any" as the final line in this ACL above? Again my goal is to block all port 25 access for internal systems to the outside world, except the mail server. But I would want to allow all other traffic, via inspection, so return traffic comes back.
I can post this firewall question to the IOS Firewall forum if that is best, mainly I need to know about the PPPoE part though.
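The inside-to-outside policy the post describes, written out as a zone-based firewall configuration; this is an added example, not part of the original post. The mail server address 192.168.1.10, the zone names INSIDE and OUTSIDE (assumed to be defined already and assigned to the interfaces), and every ACL, class-map, policy-map and zone-pair name are placeholders.

```cisco
! Added example. All names and the 192.168.1.10 address are assumed placeholders.
!
! ACL referenced by the inspect class-map. Inside a class-map, a "permit"
! entry means "this traffic matches the class" and a "deny" entry means
! "this traffic does not match the class".
ip access-list extended ACL-INSIDE-OUT
 ! The mail server may open SMTP sessions to any destination.
 permit tcp host 192.168.1.10 any eq smtp
 ! SMTP from every other inside host does not match the class.
 deny tcp any any eq smtp
 ! Everything else matches the class and is inspected.
 permit ip any any
!
class-map type inspect match-all CM-INSIDE-OUT
 match access-group name ACL-INSIDE-OUT
!
policy-map type inspect PM-INSIDE-OUT
 ! Matched traffic is inspected statefully, so return traffic is allowed back.
 class type inspect CM-INSIDE-OUT
  inspect
 ! Unmatched traffic (here: port 25 from non-mail-server hosts) is dropped.
 ! Logging the drops records the source addresses of the hosts sending SMTP.
 class class-default
  drop log
!
zone-pair security ZP-INSIDE-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-OUT
```

Because the infected systems are not yet known, the logged drops from class-default are the useful output here: the inside addresses that repeatedly appear with destination port 25 are the hosts to investigate.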