Solved

Cisco ASA allow certain range of IPs through ASA

Posted on 2011-02-22
3
1,051 Views
Last Modified: 2012-05-11
I have a cisco ASA, I would like to only allow a certain range of IP address through port 25.  We currently allow all.  What is the command to only allow a range.

access-list outside_access_in extended permit tcp any interface outside eq smtp log

The ranges would be 192.168.144.0/21 and 192.168.64.0/22.  Any help would greatly be appreciated.
0
Comment
Question by:TJacoberger1
3 Comments
 
LVL 1

Accepted Solution

by:
aluddington earned 500 total points
ID: 34958057
TJacoberger1,

According to the information that you have provided these are the following access-list that you are looking for:

access-list inbound extended permit tcp 192.168.144.0 255.255.248.0 interface outside eq smtp
access-list inbound extended permit tcp 192.168.64.0 255.255.252.0 interface outside eq smtp

Keep in mind that these access list assume that you have Static's pointing to your mail server.

static (inside,outside) tcp interface smtp 192.168.X.X smtp netmask 255.255.255.255

where  192.168.X.X is the ip of your mail server.

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34958233
you need to add'clear xlate' afret that you chaged it....
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34959304
clear local-host
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ISP Change 14 63
ASA 5506X create a simple DMZ 4 28
Port Forwarding 4 30
How to append an output to existing file with DOS and IPerf 2 35
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question