[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1062
  • Last Modified:

Cisco ASA allow certain range of IPs through ASA

I have a cisco ASA, I would like to only allow a certain range of IP address through port 25.  We currently allow all.  What is the command to only allow a range.

access-list outside_access_in extended permit tcp any interface outside eq smtp log

The ranges would be 192.168.144.0/21 and 192.168.64.0/22.  Any help would greatly be appreciated.
0
TJacoberger1
Asked:
TJacoberger1
1 Solution
 
aluddingtonCommented:
TJacoberger1,

According to the information that you have provided these are the following access-list that you are looking for:

access-list inbound extended permit tcp 192.168.144.0 255.255.248.0 interface outside eq smtp
access-list inbound extended permit tcp 192.168.64.0 255.255.252.0 interface outside eq smtp

Keep in mind that these access list assume that you have Static's pointing to your mail server.

static (inside,outside) tcp interface smtp 192.168.X.X smtp netmask 255.255.255.255

where  192.168.X.X is the ip of your mail server.

0
 
Istvan KalmarHead of IT Security Division Commented:
you need to add'clear xlate' afret that you chaged it....
0
 
KendzastCommented:
clear local-host
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now