Posted by Chris on July 21, 2007, 2:42 pm
On Sat, 21 Jul 2007 15:43:39 -0000, GNY wrote:
> On Jul 20, 10:31 pm, gc...@routergod.com wrote:
>>
>>> Hi there,
>>> I have a Cisco PIX 515e version 7.2, and I have an Exchange email server
>>> inside the firewall, which are all working well.
>>> Right now, I'm trying to block all outgoing SMTP traffic (over port 25),
>>> except from my company's Exchange server.
>>> Any idea about how to do this is appreciated.
>>> Ross
>>
>> access-list SMTP-CONTROL permit tcp host 10.1.1.1 any eq smtp ! Where
>> 10.1.1.1 is the IP address of Exchange
>> access-list SMTP-CONTROL deny tcp any any eq smtp
>> access-list SMTP-CONTROL permit ip any any ! implicit deny any any
>> !
>> access-group SMTP-CONTROL in interface inside
>> !
>>
>> Since the access-list gets executed in order, line one runs first and
>> won't make it to line two unless it is a TCP connection on port 25 with
>> a different IP address. Remember if anyone tries to send any mail
>> except the Exchange server it will be blocked.
>
> Sorry to thread jack .. But on an ASA if I was trying to do something
> similar would I have to assign this access-list to an interface? Or is
> this only for IOS routers where you have to assign the ACL to an
> interface?
>
> Thanks and sorry again ..
>
> GNY
The example above is for a Pix version 7.x, which is essentially the same
as an ASA. So yes, you have to apply the access-list to an interface.
Chris.
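As an added illustration (not part of the thread, and not a Cisco tool), the first-match evaluation that the reply above relies on can be modelled in a few lines of Python: the three SMTP-CONTROL entries are walked top to bottom and the first line that matches decides the flow. It assumes 10.1.1.1 is the Exchange server, as in the reply, and the outside addresses in the sample flows are constructed.

```python
# Added example: a tiny first-match evaluator modelling how a PIX/ASA walks
# an access-list top to bottom, applied to the SMTP-CONTROL list from the thread.
from ipaddress import ip_address, ip_network

# The three ACEs from the thread, in the order they were entered.
# 10.1.1.1 is assumed to be the Exchange server, as in the reply.
SMTP_CONTROL = [
    ("permit", "tcp", "host 10.1.1.1", "any", 25),
    ("deny",   "tcp", "any",           "any", 25),
    ("permit", "ip",  "any",           "any", None),
]

def _match_addr(spec, addr):
    """Match 'any', 'host A.B.C.D' or 'A.B.C.D/len' against an address."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ip_address(spec[5:]) == ip_address(addr)
    return ip_address(addr) in ip_network(spec, strict=False)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, index) of the first matching ACE; (deny, None) if none match."""
    for idx, (action, ace_proto, ace_src, ace_dst, ace_port) in enumerate(acl):
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if not _match_addr(ace_src, src) or not _match_addr(ace_dst, dst):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, idx
    return "deny", None   # implicit deny at the end of every access-list

# Constructed sample flows: Exchange to an outside MTA, a workstation to the
# same MTA on port 25, a web request, and a DNS query (non-TCP).
SAMPLE_FLOWS = [
    ("tcp", "10.1.1.1",  "203.0.113.25", 25),
    ("tcp", "10.1.1.50", "203.0.113.25", 25),
    ("tcp", "10.1.1.50", "203.0.113.80", 80),
    ("udp", "10.1.1.50", "203.0.113.53", 53),
]

def audit(acl=SMTP_CONTROL, flows=SAMPLE_FLOWS):
    """Evaluate each flow and report which line decided it."""
    return [(flow, *evaluate(acl, *flow)) for flow in flows]

if __name__ == "__main__":
    for flow, action, idx in audit():
        line = idx + 1 if idx is not None else "implicit deny"
        print(f"{flow} -> {action} (line {line})")
```

Swapping the first two entries makes the Exchange flow hit the deny line first, which is the ordering pitfall the reply warns about.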