Cisco Pix Outbound ACL
Posted on 2009-02-12
I am getting ready to implement an outbound access control list on our Cisco Pix 506e. Our only real concern right now is blocking smtp traffic originating from any internal host other then a mail server. I have added a few other explicit permits just to get some counts.
I need to allow SMTP traffic from the servers with ip addresses 192.168.1.20, 192.168.1.10.
These are the commands I am planning to run to create the ACL and activate it. Let me know if you see anything wrong or have a suggested improvement.
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.1.10 255.255.255.255 any eq smtp
access-list outbound permit tcp 192.168.1.20 255.255.255.255 any eq smtp
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list outbound permit ip any any
access-group outbound in interface inside