Solved

prevent all outbound port 25 traffic on all but one IP

Posted on 2013-10-25
1
435 Views
Last Modified: 2013-11-07
I have a network that is blacklisted. I need to stop all traffic on port 25 from leaving the ASA except from one IP address (my security mail appliance).  
I'm learning (but still weak) on ASA CLI.
Here's code I've found on the web:

access-list inbound_on_inside permit tcp any host 1.1.1.1 eq smtp
access-list inbound_on_inside deny tcp any any eq smtp
access-list inbound_on_inside permit ip any any
access-group inbound_on_inside in interface inside

I'm assuming the 1.1.1.1 will be my appliance IP and that this is ALL I need to do to stop SMTP traffic from any machine/device inside the lan from leaving the ASA except the IP I have inserted in the 1.1.1.1 location.  If not, please advise.

Also, I would like to monitor any SMTP traffic hitting the ASA, now being blocked, to find the rogue station(s).  All my anti-virus scans are showing the machines to be healthy and clean.  

Thank you for any thoughts/help/constructive statements

daver
0
Comment
Question by:davebird
1 Comment
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 39608901
Assuming you're host is on the inside (doh), the line:
access-list inbound_on_inside permit tcp any host 1.1.1.1 eq smtp
should be:
access-list inbound_on_inside permit tcp host 1.1.1.1 any eq smtp

For logging the hits, use:
access-list inbound_on_inside deny tcp any any eq smtp log
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question