Link to home
Start Free TrialLog in
Avatar of tmaususer
tmaususerFlag for United States of America

asked on

Configuring Port Access on Cisco ASA

Our ISP is requiring us to switch our SMTP traffic from port 25 to port 587.  I wanted to permit this on my firewall, so I simply mimicked the configuration for port 25.  Would this work?

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq smtp
static (inside,outside) tcp interface smtp xxx.xxx.xxx.xxx smtp netmask 255.255.255.255

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 587
static (inside,outside) tcp interface 587 xxx.xxx.xxx.xxx 587 netmask 255.255.255.255
SOLUTION
Avatar of SIM50
SIM50
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pete Long
Agreed, Assuming your mail server is set to receive email on TCP 587? If not you might want to use the following instead;

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 587
static (inside,outside) tcp interface 587 xxx.xxx.xxx.xxx 25 netmask 255.255.255.255


Regards,

Pete
Avatar of tmaususer

ASKER

Someone claims they are not seeing traffic sent on port 587, and has asked us to prove it is not an issue on our firewall.  We are receiving traffic on port 587.  

Would there be additional steps after opening the port such as setting some kind of authentication or encryption in the firewall for port 587?
Pete,
Yes, it is set to receive mail on port 587.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial