Link to home
Start Free TrialLog in
Avatar of Patrick
Patrick

asked on

Adding Access Rules so only specific IP ranges can hit port 25

We have a Cisco ASA Firewall and Exchange 2013. We're utilizing Barracuda's cloud-based SPAM filtering solution but SPAM is still coming in outside of the SPAM filter. Barracuda recommended limiting their IP ranges being the only IPs that can hit port 25 (64.235.144.0/20 and 209.222.80.0/21).

I know enough to configure but really would love some help on adding the Access Rules on the ASA.

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of Patrick Bogers
Patrick Bogers
Flag of Netherlands image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I would create a new network group and add the two networks to that group. Go to the existing security rule that allows inbound port 25/SMTP, and change in source IP from any to the new group that you created.

If you need further assistance, you can contact Cisco TAC or submit a Live request here in E-E.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi pstiffsae,

Check the one that is serving on port 25, it is only one (prob Default Frontend)

Cheers
Avatar of Patrick
Patrick

ASKER

Thank you for helping me get this resolved!
FYI, document this well! As someone coming in, I would expect this to be restricted at the perimeter firewall.