Solved

Cisco Pix Outbound ACL

Posted on 2009-02-12
Last Modified: 2012-05-06
I am getting ready to implement an outbound access control list on our Cisco Pix 506e.  Our only real concern right now is blocking SMTP traffic originating from any internal host other than a mail server.  I have added a few other explicit permits just to get some counts.

I need to allow SMTP traffic from the servers with IP addresses 192.168.1.20 and 192.168.1.10.

These are the commands I am planning to run to create the ACL and activate it.  Let me know if you see anything wrong or have a suggested improvement.

access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.1.10 255.255.255.255 any eq smtp
access-list outbound permit tcp 192.168.1.20 255.255.255.255 any eq smtp
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list outbound permit ip any any

access-group outbound in interface inside
Question by:VickreyAdmin
2 Comments
 

Accepted Solution

by: JFrederick29 earned 2000 total points
ID: 23629080
That will do it.  The top two lines aren't necessary as the permit ip any any will allow it but I'm assuming these are the lines you want counter statistics from.

Author Closing Comment

by:VickreyAdmin
ID: 31546406
Yes, the top 2 lines are just for counters.  I will add more later.  Thanks for checking this for me.  My network runs 24/7 and I could not afford to make incorrect changes to the production firewall.
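
An offline pre-change check for the ACL in the question, added here as an example and not part of the original thread: it replays the posted entries with first-match semantics and reports which entries change no permit/deny verdict. The parser handles only the ACL forms shown in the question, and the test flows (including host 192.168.1.55) are constructed assumptions.

```python
import ipaddress

# ACL as posted in the question. First match wins; an implicit deny ends the list.
ACL = """\
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.1.10 255.255.255.255 any eq smtp
access-list outbound permit tcp 192.168.1.20 255.255.255.255 any eq smtp
access-list outbound deny tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list outbound permit ip any any
"""
PORTS = {"www": 80, "https": 443, "smtp": 25}  # only the port names used above

# Constructed test flows (protocol, source IP, destination port); .55 is a made-up workstation.
FLOWS = [("tcp", "192.168.1.10", 25), ("tcp", "192.168.1.20", 25),
         ("tcp", "192.168.1.55", 25), ("tcp", "192.168.1.55", 80),
         ("tcp", "192.168.1.55", 443), ("udp", "192.168.1.55", 53)]

def parse(text):
    """Parse only the ACL forms used above: source is 'any' or 'addr mask', destination 'any'."""
    rules = []
    for line in text.splitlines():
        action, proto, *tok = line.split()[2:]      # skip 'access-list outbound'
        if tok[0] == "any":
            src, tok = ipaddress.ip_network("0.0.0.0/0"), tok[1:]
        else:
            src, tok = ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]
        port = PORTS[tok[2]] if tok[1:2] == ["eq"] else None   # tok[0] is the destination
        rules.append((action, proto, src, port))
    return rules

def evaluate(rules, proto, src_ip, dport):
    """Return (action, 1-based entry number) for the first entry matching the flow."""
    src = ipaddress.ip_address(src_ip)
    for n, (action, rproto, net, port) in enumerate(rules, 1):
        if rproto in ("ip", proto) and src in net and port in (None, dport):
            return action, n
    return "deny", None                             # implicit deny

def redundant_for_policy(rules, flows):
    """Entries whose removal changes no permit/deny verdict for the given flows."""
    base = [evaluate(rules, *f)[0] for f in flows]
    return [i + 1 for i in range(len(rules))
            if [evaluate(rules[:i] + rules[i + 1:], *f)[0] for f in flows] == base]

if __name__ == "__main__":
    rules = parse(ACL)
    for flow in FLOWS:
        print(flow, "->", evaluate(rules, *flow))
    print("counter-only entries:", redundant_for_policy(rules, FLOWS))
```

The redundancy result is only as complete as the flow list, so add a flow for every behaviour the policy must preserve before trusting it.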