kzackery


Configuring Cisco router to block all traffic except port 443 and 25 to my one-to-one NAT public IP address

Cisco Router RV016
I am using a Cisco router firewall for my network. I recently set up Exchange Server and used the one-to-one NAT feature on the router to forward all incoming traffic from a public IP to the internal address of my server. That worked fine. However, now I am trying to secure my mail server from incoming attacks on that public IP. Is there a way to block all incoming traffic on that public IP except for port 25 and 443?

Thanks
Beachdude67

I'd use access lists. If you use an access list, it will deny all the traffic except what you specify in the list. Furthermore, you can specify what port numbers you want to allow. Cisco has a good article on access lists here:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic2
ASKER CERTIFIED SOLUTION
Don Johnston
kzackery

ASKER

Ok Don,
I got it. Correct me if I'm wrong but it should be set to local area network and then the source IP would be the public IP address that I want to block traffic coming from and the destination would be that of my mail server. How do I know that the ports are being blocked now that I have set it? Is there a way to verify?
Sorry. I can't remember the screen and the docs don't have very good screen shots. As I recall, it was pretty straightforward. I think you can specify that traffic from any address can come in only if it's going to a specific port.
Is there a way to check to see if the ports are blocked?
It should show in the firewall or filter settings