Solved

Port Configurations on Pix 506e

Posted on 2010-08-26
3
329 Views
Last Modified: 2012-06-27
Does anyone have any sample code that would allow me to block all ports except 80 8080 and a few others from internal users while allowing allowing My Exchange server to be the only computer on the inside to use smtp port? Thanks for any help in advance.
0
Comment
Question by:JustAnotherGeek
  • 2
3 Comments
 
LVL 10

Expert Comment

by:qbakies
ID: 33533133
So you want to block 80, 8080, and SMTP traffic leaving your network or coming into your network?
0
 
LVL 10

Accepted Solution

by:
qbakies earned 250 total points
ID: 33533419
From re-reading your question it sounds like you want to block traffic leaving your network so this will do that.  If you want it the other way around or have additional questions please ask.

Assuming your LAN is 192.168.1.0/24 and your Exchange IP is 192.168.1.100:

access-list block_traffic_out permit ip 192.168.1.0 0.0.0.0 any eq 80 <- allows traffic from entire subnet out on port 80
access-list block_traffic_out permit ip 192.168.1.0 0.0.0.0 any eq 8080 <- allows traffic from entire subnet out on port 8080
access-list block_traffic_out permit ip host 192.168.1.100 any eq 25 <- allows traffic from Exchange out on port 25
access-list block_traffic_out deny ip 192.168.1.0 0.0.0.0 any <- denies all other traffic out of your network

Apply this access-list to your inside interface:

access-group block_traffic_out in interface inside

Since ACLs are processed from the top down you will need to add additional entries to the ACL in the order you want them processed.  You should note, however, that this is an extremely rigid ACL that will kill all traffic leaving your network except if specified.
0
 

Author Comment

by:JustAnotherGeek
ID: 33534122
Hey Thanks qbakies.... That is what I am looking for. I want to allow them to access the internet using 80 and 8080 and a couple of other ports. One of the main reasons that I want to block the rest along with 25 is I inherited a Trojan that was spamming was put on several blacklist twice...I want to make sure that on port 25 traffic only leaves the exchange server... Thanks for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now