oamal2001
asked on
Allow specific traffic through CISCO ASA
HI
I need to know if there is a way to specify an allowed traffic to some clients through Cisco ASA.
for example I have inside and outside interfaces,on the inside interface the network ip is 192.168.1.0 .
I need to allow all clients to access internet except clients 180 and 190 to access only email through outlokk ; ports pop3 and smtp.
Will someone please help me?
THANKS IN ADVANCE
I need to know if there is a way to specify an allowed traffic to some clients through Cisco ASA.
for example I have inside and outside interfaces,on the inside interface the network ip is 192.168.1.0 .
I need to allow all clients to access internet except clients 180 and 190 to access only email through outlokk ; ports pop3 and smtp.
Will someone please help me?
THANKS IN ADVANCE
qbakies
Are 180 and 190 their IP addresses (192.168.1.180)?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Technically's access-list is correct but I would do access-list inside deny IP host 192.168.1.180 any instead of access-list inside deny TCP host 192.168.1.180 any. This will make sure no traffic is allowed as opposed to only TCP traffic. Do you know the CLI commands for applying the new access list to the inside interface?
ASKER
Thanks TechnicallyMaybe I will test it and I will get back.
Thanks qbakies I think it is the access group command,is that right?
Thanks qbakies I think it is the access group command,is that right?
ASKER
Is it better to do the last acces list with ip not tcp?
THANKS
THANKS
Yes the last statement is should also be IP. Command for applying this to your inside interface would be:
access-group <ACL NAME> in interface inside
access-group <ACL NAME> in interface inside
Oops sorry, thanks qbakies!
ASKER
THANKS,It is working fine