
Cisco Pix Outbound ACL

VickreyAdmin asked
Medium Priority
834 Views
Last Modified: 2012-05-06
I am getting ready to implement an outbound access control list on our Cisco Pix 506e.  Our only real concern right now is blocking smtp traffic originating from any internal host other than a mail server.  I have added a few other explicit permits just to get some counts.

I need to allow SMTP traffic from the servers with ip addresses 192.168.1.20, 192.168.1.10.

These are the commands I am planning to run to create the ACL and activate it.  Let me know if you see anything wrong or have a suggested improvement.

access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.1.10 255.255.255.255 any eq smtp
access-list outbound permit tcp 192.168.1.20 255.255.255.255 any eq smtp
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list outbound permit ip any any

access-group outbound in interface inside

Top Expert 2009
Commented:
That will do it.  The top two lines aren't necessary as the permit ip any any will allow it but I'm assuming these are the lines you want counter statistics from.
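Both the question's policy and the expert's point that the two www/https permits only matter for hit counters can be checked offline before the change goes onto a production firewall. The following script is an added example and is not part of the original thread or any Cisco tool: it assumes PIX 6.x ACL semantics (first matching entry wins, subnet masks rather than wildcard masks, implicit deny at the end), parses the six lines from the question as they were posted (copied into ACL_TEXT), and evaluates a set of constructed sample flows against them, with and without the two counter-only lines.

```python
import ipaddress

# Constructed copy of the ACL from the question, in the order it was posted.
ACL_TEXT = """\
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.1.10 255.255.255.255 any eq smtp
access-list outbound permit tcp 192.168.1.20 255.255.255.255 any eq smtp
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list outbound permit ip any any
"""

# Service keywords the PIX accepts in place of port numbers (subset used here).
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25, "domain": 53, "ssh": 22}


def _parse_addr(tokens, i):
    """Read 'any', 'host A.B.C.D' or 'A.B.C.D M.M.M.M' starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # PIX 6.x writes a subnet mask after the address (not an IOS wildcard mask).
    net = ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False)
    return net, i + 2


def parse_acl(text):
    """Turn 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' lines into ACEs."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue  # blank lines, remarks, anything that is not an ACE
        action, proto = tokens[2], tokens[3]
        src, i = _parse_addr(tokens, 4)
        dst, i = _parse_addr(tokens, i)
        port = None
        if i < len(tokens) and tokens[i] == "eq":
            port = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
        aces.append({"action": action, "proto": proto, "src": src, "dst": dst, "dport": port})
    return aces


def evaluate(aces, proto, src, dst, dport=None):
    """First matching ACE wins; returns (action, 1-based line) or ('deny', None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, ace in enumerate(aces, start=1):
        if ace["proto"] != "ip" and ace["proto"] != proto:
            continue
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], n
    return "deny", None  # implicit deny at the end of every PIX ACL


# Constructed sample flows: (proto, src, dst, dport). 203.0.113.0/24 is documentation space.
FLOWS = [
    ("tcp", "192.168.1.10", "203.0.113.25", 25),   # mail server -> remote MTA
    ("tcp", "192.168.1.30", "203.0.113.25", 25),   # workstation -> remote MTA
    ("tcp", "192.168.1.30", "203.0.113.80", 80),   # workstation web browsing
    ("tcp", "192.168.1.30", "203.0.113.22", 22),   # ssh, falls through to permit ip any any
    ("udp", "192.168.1.30", "203.0.113.53", 53),   # dns, falls through to permit ip any any
]


def decisions(acl_text, flows=FLOWS):
    """Permit/deny verdict for every sample flow under the given ACL text."""
    aces = parse_acl(acl_text)
    return [evaluate(aces, *f)[0] for f in flows]


def without_counter_lines(acl_text):
    """Drop the www/https permits that exist only to produce hit counters."""
    return "\n".join(l for l in acl_text.splitlines()
                     if not l.endswith(("eq www", "eq https")))


if __name__ == "__main__":
    aces = parse_acl(ACL_TEXT)
    for flow in FLOWS:
        action, line = evaluate(aces, *flow)
        print(f"{flow[0]} {flow[1]} -> {flow[2]}:{flow[3]}  {action} (line {line})")
    print("same verdicts without counter lines:",
          decisions(ACL_TEXT) == decisions(without_counter_lines(ACL_TEXT)))
```

The model covers only the access-list itself (no NAT, conduits or stateful inspection), so treat it as a pre-change sanity check rather than a substitute for the firewall's own hit counters after deployment. One thing the run makes visible: the deny is scoped to 192.168.1.0/24, so if any other subnet is routed behind the inside interface, its hosts reach port 25 through the final permit ip any any; that may or may not match the intent.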


Author commented:
Yes, the top 2 lines are just for counters.  I will add more later.  Thanks for checking this for me.  My network runs 24/7 and I could not afford to make incorrect changes to the production firewall.