I am in the middle of an assignment and have become a bit confused on access-lists. Take a look at my rather crude networking pic attached to get an idea of the problem.
What I need to do is allow every host on my network to access the email server at address 220.127.116.11, allowing email to be sent to and downloaded from the mail server (SMTP out and IMAP and POP3 in). This is how I've played it (I am controlling router R1 and both access lists will be placed on s0/1):
To allow SMTP to go out I've done this:
access-list 101 permit tcp any host 18.104.22.168 eq 25
I placed that on interface s0/1 on R1 - OUTBOUND.
To allow IMAP and POP3 in, I've done:
access-list 102 permit tcp host 22.214.171.124 any eq 110
access-list 102 permit tcp host 126.96.36.199 any eq 143
This access list is placed INBOUND on s0/1 on R1.
But this is where I'm getting confused:
1. On the outbound access list (access-list 101), would I need to allow POP3 and IMAP to go out? I'm getting confused because I read that IMAP and POP3 are only used to download the email from the server to the client. However I'm thinking that in order to connect to the server in the first place, this would require IMAP/POP3 (whichever is being used) as well?
2. Regarding access-list 102 - I'm worried about the placement of the port numbers. At the moment, are those two lines saying "allow packets from 188.8.131.52 to any host as long as the **source port** is IMAP or POP3", or is it saying "allow packets from 184.108.40.206 to any host as long as the **destination port** is IMAP or POP3"? I would need it to refer to the former, right?
Thanks for any help.
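
An added example, not part of the original post: a small Python model of how IOS reads an extended TCP ACL entry, where an `eq <port>` after the source address tests the source port and one after the destination address tests the destination port. The addresses 203.0.113.10 and 192.0.2.25 and all packets are constructed placeholders, and only the `any`, `host` and `eq` forms used in the post are modelled.

```python
# Added example: how IOS binds "eq <port>" in an extended TCP ACL entry.
# Modelled grammar: permit|deny tcp <src> [eq <port>] <dst> [eq <port>]
# with <src>/<dst> being "any" or "host <ip>". All addresses are constructed.
MAIL = "203.0.113.10"    # placeholder for the mail server
CLIENT = "192.0.2.25"    # placeholder for an inside host

def parse_ace(line):
    tok = line.split()
    if tok[0] == "access-list":        # drop "access-list <number>"
        tok = tok[2:]
    if tok[1] != "tcp":
        raise ValueError("only tcp entries are modelled")
    pos = 2
    def addr():
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return None                # None means "matches anything"
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1]
        raise ValueError("expected 'any' or 'host <ip>'")
    def port():
        nonlocal pos
        if pos < len(tok) and tok[pos] == "eq":
            pos += 2
            return int(tok[pos - 1])
        return None
    # Order matters: a port operator belongs to the address it follows.
    src, sport, dst, dport = addr(), port(), addr(), port()
    return {"action": tok[0], "src": src, "sport": sport, "dst": dst, "dport": dport}

def evaluate(acl, pkt):
    for line in acl:
        ace = parse_ace(line)
        if all(ace[k] is None or ace[k] == pkt[k] for k in ("src", "sport", "dst", "dport")):
            return ace["action"]
    return "deny"                      # implicit deny ends every ACL

ACL_101_POSTED = [f"access-list 101 permit tcp any host {MAIL} eq 25"]
ACL_102_POSTED = [f"access-list 102 permit tcp host {MAIL} any eq 110"]
ACL_102_SRCPORT = [f"access-list 102 permit tcp host {MAIL} eq 110 any"]

# Constructed packets: client opens POP3 / SMTP, server answers on POP3.
POP3_OUT = {"src": CLIENT, "sport": 50000, "dst": MAIL, "dport": 110}
SMTP_OUT = {"src": CLIENT, "sport": 50001, "dst": MAIL, "dport": 25}
POP3_REPLY = {"src": MAIL, "sport": 110, "dst": CLIENT, "dport": 50000}

if __name__ == "__main__":
    for name, acl, pkt in [("101 posted, SMTP out", ACL_101_POSTED, SMTP_OUT),
                           ("101 posted, POP3 out", ACL_101_POSTED, POP3_OUT),
                           ("102 posted, POP3 reply", ACL_102_POSTED, POP3_REPLY),
                           ("102 eq-after-source, POP3 reply", ACL_102_SRCPORT, POP3_REPLY)]:
        print(f"{name}: {evaluate(acl, pkt)}")
```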