asa5505 access-list to prevent accesss from the outside

We just put an asa5505 vpn/firewall. This device is new to us. We need to setup an access-list that will allow the inside network (192.168.1.x) to send emails only, but deny any traffic from the internet back to this network or any other traffic for the inside network to the internet (like browsing, etc).   The only thing we allow from the outside is to vpn to this network. Could someone help us with this. Please provide detail.
ShenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Soufiane Adil, Ph.DIT, Network Architect - CCNP/CCDPCommented:
Hi Rickgov

All you need to do is on inside interface (use ASDM) create an access-list with permit 192.168.1.0/24 ANY eq  SMTP

and on the ouside interface you can do the same by permiting only SMTP traffic (inbound traffic) to reach the network 192.168.1.0/24

Sou
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Son DoSenior Network EngineerCommented:
Hi Rick

Firstly it will be better if you can access the ASA via ASDM. 2 things you need to configure is:

1. Create a rule from inside (192.168.1.x) to outside (Mail server IP) via (mail tcp port)
2. Which type of VPN you are using ? site-to-site VPN or client-to-site VPN ?

r0ck
0
ShenAuthor Commented:
client to site vpn.
we don't want any access from the outside(internet) to the inside (192.168.0.0/24) network except vpn. We just need to forward emails notifications out from the inside network out to the internet. I will try this through ASDM. If possible could you please provide detail acces list (inside and outside) example code.
0
ShenAuthor Commented:
Hello Sou,

Through ASDM if i just add inside the access-list permit 192.168.1.0 255.255.255.0 any smtp, the  implicit deny at the end of an acl will deny everything else (like http,etc)? Would vpn be affected?
If we only want this network to send emails out (we have an application that generate events. we just want to send these events to emails. We don't want emails sent to us) , do i need the outside acl suggested?

Other than emails, we don't want the inside network internet access. We also from the outside, we only want to allow vpn.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.