Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 241
  • Last Modified:

Restrict port IP addresses

Im getting ready to configure a CISCO ASA 5510 for our network.  Im fairly new to configuring firewalls and new to CISCO in general.  We host our own exchange server and we have our incoming email filtered for spam and viruses by an outside company.  Would it be possible to restrict forwarding on port 25 to only those IP addresses used by our email filtering services?  

Currently our exchange server is rejecting about 300k emails per day from computers trying to relay emails using only our IP address as the target.  Id like to see as many of those as possible rejected before they ever reach our server.  
1 Solution
You would create an Access-list and apply it to the outside interface.  

You would need something similar to: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080862017.shtml

You code would need to include something close to the following:

Static(inside,outside) <Outside IP> <Internal ip> netmask
Access-list Outside_access_in permit tcp host <ip address or mail host>  host <the outside static of your email server>  eq 25
access-group Outside_access_in in interface outside  


Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now