Solved

Port Configurations on Pix 506e

Posted on 2010-08-26
3
330 Views
Last Modified: 2012-06-27
Does anyone have any sample code that would allow me to block all ports except 80 8080 and a few others from internal users while allowing allowing My Exchange server to be the only computer on the inside to use smtp port? Thanks for any help in advance.
0
Comment
Question by:JustAnotherGeek
  • 2
3 Comments
 
LVL 10

Expert Comment

by:qbakies
ID: 33533133
So you want to block 80, 8080, and SMTP traffic leaving your network or coming into your network?
0
 
LVL 10

Accepted Solution

by:
qbakies earned 250 total points
ID: 33533419
From re-reading your question it sounds like you want to block traffic leaving your network so this will do that.  If you want it the other way around or have additional questions please ask.

Assuming your LAN is 192.168.1.0/24 and your Exchange IP is 192.168.1.100:

access-list block_traffic_out permit ip 192.168.1.0 0.0.0.0 any eq 80 <- allows traffic from entire subnet out on port 80
access-list block_traffic_out permit ip 192.168.1.0 0.0.0.0 any eq 8080 <- allows traffic from entire subnet out on port 8080
access-list block_traffic_out permit ip host 192.168.1.100 any eq 25 <- allows traffic from Exchange out on port 25
access-list block_traffic_out deny ip 192.168.1.0 0.0.0.0 any <- denies all other traffic out of your network

Apply this access-list to your inside interface:

access-group block_traffic_out in interface inside

Since ACLs are processed from the top down you will need to add additional entries to the ACL in the order you want them processed.  You should note, however, that this is an extremely rigid ACL that will kill all traffic leaving your network except if specified.
0
 

Author Comment

by:JustAnotherGeek
ID: 33534122
Hey Thanks qbakies.... That is what I am looking for. I want to allow them to access the internet using 80 and 8080 and a couple of other ports. One of the main reasons that I want to block the rest along with 25 is I inherited a Trojan that was spamming was put on several blacklist twice...I want to make sure that on port 25 traffic only leaves the exchange server... Thanks for your help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BGP Code 12 47
Cisco ASA and Watchguard firewall 2 39
Cisco 5508 controller parsing error 4 66
Cisco WAP POE power 28 81
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question