Solved

How do I create an extended ACL for an ASA to restrict outbound SMTP traffic?

Posted on 2009-04-01
Last Modified: 2012-05-06
I had planned on adding the two access-list commands to the outbound access group, but my ASA doesn't like the eq at the end of the first command.

Access-list outbound extended permit ip 10.254.1.0 255.255.225.0 eq smtp
Access-list outbound extended deny ip any any eq smpt
Question by:guitar_dave

Accepted Solution

by: JFrederick29 earned 2000 total points
ID: 24041746
You need to use TCP for the protocol (not IP) and you forgot the destination (any).  At the end of the list add a "permit ip any any" to allow all other traffic or else the default action is to deny all.

access-list outbound extended permit tcp 10.254.1.0 255.255.225.0 any eq smtp
access-list outbound extended deny tcp any any eq smtp
access-list outbound extended permit ip any any

Author Closing Comment

by:guitar_dave
ID: 31565440
Thank you
0
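
Added example, not part of the original thread and not Cisco code: a simplified Python model of the first-match evaluation and implicit deny that the accepted answer relies on, run over the three entries exactly as posted. The function names, the one-entry port table and the sample flows are assumptions made for illustration.

```python
import ipaddress

# The three entries from the accepted answer, copied exactly as posted.
# Note: 225 in the mask's third octet is not a contiguous bit pattern;
# compare it with the subnet you actually intend before reusing it.
ACL = """\
access-list outbound extended permit tcp 10.254.1.0 255.255.225.0 any eq smtp
access-list outbound extended deny tcp any any eq smtp
access-list outbound extended permit ip any any
"""
PORTS = {"smtp": 25}  # only the port name this thread uses


def parse_addr(tok):
    """Consume 'any' or 'network mask'; return (network, mask) as ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0
    return tuple(int(ipaddress.IPv4Address(tok.pop(0))) for _ in range(2))


def parse(line):
    tok = line.split()[3:]  # drop 'access-list <name> extended'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)  # a missing destination fails here
    port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
    if port is not None and proto == "ip":
        raise ValueError("'eq <port>' needs tcp or udp, not ip")
    return action, proto, src, dst, port


def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match means the implicit deny."""
    s, d = (int(ipaddress.IPv4Address(a)) for a in (src, dst))
    for line in acl.strip().splitlines():
        action, p, (snet, smask), (dnet, dmask), port = parse(line)
        if p not in ("ip", proto) or (port is not None and port != dport):
            continue
        if (s & smask) == (snet & smask) and (d & dmask) == (dnet & dmask):
            return action
    return "deny (implicit)"


if __name__ == "__main__":
    for port in (25, 443):  # constructed flow from a host outside 10.254.1.x
        print(port, evaluate(ACL, "tcp", "10.254.2.20", "203.0.113.9", port))
```

Dropping the last entry from `ACL` makes the port 443 flow return `deny (implicit)`, which is the behaviour the final `permit ip any any` line is there to avoid.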

Question has a verified solution.
