I'm attempting to block all outgoing SMTP traffic on a given local range, but it simply isn't working.
All DHCP clients on my network are in the 10.3.3.x (255.255.0.0) range, and I'm wanting to keep them from contacting any mail server outside the network, so I did this:
# Interface to LAN
ip address 10.3.0.1 255.255.0.0
ip nat inside
# Interface to Internet
ip address dhcp
ip access-group 102 out
ip nat outside
access-list 102 deny tcp 10.3.3.0 0.0.0.255 any eq smtp
access-list 102 permit ip any any
I also tried switching the order of the permit and deny lines just to see if it would make a difference, it doesn't, but if the permit line is gone the DHCP clients cease to be able to access the Internet, so I know the ACL works at least.
So, what am I doing wrong? I've googled around like crazy and it seems like I have the ACL line correct.