Solved

Access list blocking out bound mail...

Posted on 2004-04-23
Last Modified: 2010-04-17
I am trying to set up an ACL that will allow e-mail (Exchange 5.5) out, usually port 25, but when this ACL is applied we can still receive mail but outgoing mail is blocked.  I have applied the config to the serial port; as soon as the config is applied to the serial port, no mail flows.  I am missing a couple of ports. Can anyone shed some light on what I am doing wrong?

Ip access-group 101 out
Ip access-group 101 in

Extended IP access list 101
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any source-quench
    permit icmp any any packet-too-big
    permit icmp any any time-exceeded
    permit icmp any any unreachable
    permit tcp any any eq ftp-data
    permit tcp any any eq ftp
    permit tcp any any eq telnet
    permit tcp any any eq domain
    permit udp any any eq domain
    permit tcp any any eq www
    permit tcp any any eq 443
    permit tcp any any eq pop3
    permit tcp any any eq 143
    permit tcp any any eq 366
    permit tcp any any eq 389
    permit tcp any any eq 465
    permit tcp any any eq 636
    permit tcp any any eq 993
    permit tcp any any eq 995
    permit tcp any any eq 3389
    permit tcp any any eq 4899
    permit tcp any any eq 5222
    permit tcp any any eq 5223
    permit tcp any any eq smtp
    permit udp any any eq 25
Question by:JaysonJackson
3 Comments
 

Expert Comment

by:mikebernhardt
ID: 10904182
Mail (SMTP) is TCP port 25, not UDP.
 

Expert Comment

by:mikebernhardt
ID: 10904233
Oops, you have that. Actually, here's the problem. You have to add something like this:
permit tcp any eq smtp any gt 1023

You aren't allowing return traffic from source port 25, which will want to talk to the high-numbered port that originated the session to port 25.
 

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 10904256
Either that or add

permit tcp any any established

I'm assuming from your current list that security isn't an issue...
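The behaviour described in the answers above, as an added example that is not part of the original thread: a minimal Python model of first-match ACL evaluation, loaded with the TCP entries of access list 101, showing why the reply from port 25 is dropped and what each suggested line changes. The client port 40000 and all class and variable names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Segment:              # one TCP segment crossing the serial interface
    sport: int
    dport: int
    flags: frozenset        # e.g. frozenset({"SYN", "ACK"})

@dataclass(frozen=True)
class Permit:               # one "permit tcp any ... any ..." entry
    sport_eq: Optional[int] = None
    dport_eq: Optional[int] = None
    dport_gt: Optional[int] = None
    established: bool = False

    def matches(self, seg: Segment) -> bool:
        if self.sport_eq is not None and seg.sport != self.sport_eq:
            return False
        if self.dport_eq is not None and seg.dport != self.dport_eq:
            return False
        if self.dport_gt is not None and seg.dport <= self.dport_gt:
            return False
        # "established" matches only segments with ACK or RST set.
        if self.established and not (seg.flags & {"ACK", "RST"}):
            return False
        return True

def permitted(acl, seg):
    # Every entry is a permit, so the first match permits; no match
    # falls through to the implicit deny at the end of the list.
    return any(entry.matches(seg) for entry in acl)

# TCP entries of access list 101 as posted (destination-port matches only).
ACL_101 = [Permit(dport_eq=p) for p in (20, 21, 23, 53, 80, 443, 110, 143, 366,
           389, 465, 636, 993, 995, 3389, 4899, 5222, 5223, 25)]
WITH_SRC_PORT = ACL_101 + [Permit(sport_eq=25, dport_gt=1023)]  # eq smtp any gt 1023
WITH_ESTABLISHED = ACL_101 + [Permit(established=True)]         # any any established

# Constructed sample traffic; client port 40000 is an assumption.
SYN = Segment(40000, 25, frozenset({"SYN"}))             # outbound to remote MTA
SYN_ACK = Segment(25, 40000, frozenset({"SYN", "ACK"}))  # remote MTA's reply
BARE_SYN = Segment(25, 40000, frozenset({"SYN"}))        # no ACK: not a reply

if __name__ == "__main__":
    for name, acl in [("original", ACL_101), ("src-port", WITH_SRC_PORT),
                      ("established", WITH_ESTABLISHED)]:
        print(name, [permitted(acl, s) for s in (SYN, SYN_ACK, BARE_SYN)])
```

The last column is where the two suggestions differ: the source-port entry matches on ports alone, while "established" also requires ACK or RST. Neither tracks session state.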

Question has a verified solution.