Solved

Access list blocking out bound mail...

Posted on 2004-04-23
3
313 Views
Last Modified: 2010-04-17
I am trying to setup an ACL that will allow e-mail (Exchange 5.5) out usually port 25 but when this ACL is applied we still can receive mail but out going mail is blocked.  I have applied the config to the serial port as soon as the config is applied to the serial port no mail flows.  I am missing a couple of ports can anyone shed some light on what I am doing wrong?

Ip access-group 101 out
Ip access-group 101 in

Extended IP access list 101
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any source-quench
    permit icmp any any packet-too-big
    permit icmp any any time-exceeded
    permit icmp any any unreachable
    permit tcp any any eq ftp-data
    permit tcp any any eq ftp
    permit tcp any any eq telnet
    permit tcp any any eq domain
    permit udp any any eq domain
    permit tcp any any eq www
    permit tcp any any eq 443
    permit tcp any any eq pop3
    permit tcp any any eq 143
    permit tcp any any eq 366
    permit tcp any any eq 389
    permit tcp any any eq 465
    permit tcp any any eq 636
    permit tcp any any eq 993
    permit tcp any any eq 995
    permit tcp any any eq 3389
    permit tcp any any eq 4899
    permit tcp any any eq 5222
    permit tcp any any eq 5223
    permit tcp any any eq smtp
    permit udp any any eq 25
0
Comment
Question by:JaysonJackson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10904182
mail (SMTP) is TCP port 25, not udp.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10904233
Oops, you have that. Actually, here's the problem. You have to add something like this:
permit tcp any eq smtp any gt 1023

You aren't allowing return traffic from source port 25, which will want to talk to the high-numbered port that originated the session to port 25.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 10904256
Either that or add

permit tcp any any established

I'm assuming from your current list that security isn't an issue...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question