Solved

How do I create an extended ACL for an ASA to restrict outbound SMTP traffic?

Posted on 2009-04-01
2
480 Views
Last Modified: 2012-05-06
I had planned on adding the two access-list commands to the outbound access group, but my ASA doesn't like the eq at the end of the first command.

Access-list outbound extended permit ip 10.254.1.0 255.255.225.0 eq smtp
Access-list outbound extended deny ip any any eq smpt
0
Comment
Question by:guitar_dave
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24041746
You need to use TCP for the protocol (not IP) and you forgot the destination (any).  At the end of the list add a "permit ip any any" to allow all other traffic or else the default action is to deny all.

access-list outbound extended permit tcp 10.254.1.0 255.255.225.0 any eq smtp
access-list outbound extended deny tcp any any eq smtp
access-list outbound extended permit ip any any
0
 

Author Closing Comment

by:guitar_dave
ID: 31565440
Thank you
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing question between wifi / firewall and switch 11 82
Watchguard XTM 2 80
Cisco ASA 5506 5 66
Turn off SIP ALG - Cisco ASA 5505 1 75
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question