Solved

prevent all outbound port 25 traffic on all but one IP

Posted on 2013-10-25
1
434 Views
Last Modified: 2013-11-07
I have a network that is blacklisted. I need to stop all traffic on port 25 from leaving the ASA except from one IP address (my security mail appliance).  
I'm learning (but still weak) on ASA CLI.
Here's code I've found on the web:

access-list inbound_on_inside permit tcp any host 1.1.1.1 eq smtp
access-list inbound_on_inside deny tcp any any eq smtp
access-list inbound_on_inside permit ip any any
access-group inbound_on_inside in interface inside

I'm assuming the 1.1.1.1 will be my appliance IP and that this is ALL I need to do to stop SMTP traffic from any machine/device inside the lan from leaving the ASA except the IP I have inserted in the 1.1.1.1 location.  If not, please advise.

Also, I would like to monitor any SMTP traffic hitting the ASA, now being blocked, to find the rogue station(s).  All my anti-virus scans are showing the machines to be healthy and clean.  

Thank you for any thoughts/help/constructive statements

daver
0
Comment
Question by:davebird
1 Comment
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 39608901
Assuming you're host is on the inside (doh), the line:
access-list inbound_on_inside permit tcp any host 1.1.1.1 eq smtp
should be:
access-list inbound_on_inside permit tcp host 1.1.1.1 any eq smtp

For logging the hits, use:
access-list inbound_on_inside deny tcp any any eq smtp log
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VIRL IP adress 3 69
Cisco ASA IOS 9.x - no route to host for Internet 4 76
Viber-Only Restriction 6 44
Palo Alto Networks: View Tunnel packet counts? 2 27
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question