
Allow only smtp traffic from specific subnet to exchange 2003


  • Allow only smtp traffic from specific subnet to exchange 2003

    I have a PIX 515E (6.3) on which I want to allow SMTP traffic to come in only from specific subnets.
    I currently allow any SMTP traffic to pass through to my Exchange server:
    access-list outside_access_in permit tcp any host XXX.XXX.XXX.XXX eq smtp
    Everything works fine with this but I need to lock this down.

    The vendor that I use to scan mail has given me 2 subnets that all their outbound SMTP traffic comes from. I added these lines and removed the above line.
    access-list outside_access_in permit tcp host 216.157.255.0 host XXX.XXX.XXX.XXX eq smtp
    access-list outside_access_in permit tcp host 216.157.241.0 host XXX.XXX.XXX.XXX eq smtp
    When these lines are added I can no longer receive external email. I have confirmed these addresses are correct.

    Any help would be appreciated.

  • #2
    Re: Allow only smtp traffic from specific subnet to exchange 2003

    You're talking about subnets, but you add hosts to your ACL:
    access-list outside_access_in permit tcp host 216.157.255.0 host XXX.XXX.XXX.XXX eq smtp
    you should use something like this:

    access-list outside_access_in permit tcp 216.157.255.0 0.0.0.255 host XXX.XXX.XXX.XXX eq smtp

    Use a wildcard instead of a subnet mask.

    Oh, I just found a nice article about extended ACLs in Cisco:
    http://www.sans.org/reading_room/whi...rkdevs/231.php
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

  • #3
    Re: Allow only smtp traffic from specific subnet to exchange 2003

    Originally posted by Dumber
    access-list outside_access_in permit tcp 216.157.255.0 0.0.0.255 host XXX.XXX.XXX.XXX eq smtp

    Use a wildcard instead of a subnet mask.

    PIXes use netmasks, not wildcard masks. This example is correct:

    access-list outside_access_in permit tcp 216.157.255.0 255.255.255.0 host XXX.XXX.XXX.XXX eq smtp

    Thanks,
    Brian Desmond
    Microsoft MVP - Directory Services
    www.briandesmond.com


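    An added example, not part of the thread or of any Cisco tooling: a small Python checker that parses PIX 6.3 extended access-list lines the way the firewall reads them (`host` means exactly one address, and the second token of a network spec is a netmask), evaluates first-match semantics with the implicit deny, and rejects an IOS-style wildcard mask. The mail host 203.0.113.25 and the relay addresses are constructed stand-ins for the redacted XXX.XXX.XXX.XXX and the vendor's real relays.

```python
import ipaddress

def is_netmask(mask):
    """True for a contiguous subnet mask (255.255.255.0), False for an IOS wildcard (0.0.0.255)."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0  # host part must be all ones, i.e. 2^n - 1

def _addr_spec(tokens, pos):
    """Consume one PIX address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D NETMASK'."""
    if tokens[pos] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), pos + 1
    if tokens[pos] == "host":  # exactly one address, even if it ends in .0
        return ipaddress.ip_network(tokens[pos + 1] + "/32"), pos + 2
    addr, mask = tokens[pos], tokens[pos + 1]
    if not is_netmask(mask):
        raise ValueError(f"{mask} is a wildcard, not a netmask; PIX expects e.g. 255.255.255.0")
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False), pos + 2

def parse_acl(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (PIX 6.3 extended syntax)."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not a PIX extended access-list line: {line}")
    src, pos = _addr_spec(t, 4)
    dst, pos = _addr_spec(t, pos)
    port = t[pos + 1] if pos < len(t) and t[pos] == "eq" else None
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def acl_syntax_error(line):
    """The parse error for a line, or None if the PIX would accept it."""
    try:
        parse_acl(line)
        return None
    except ValueError as exc:
        return str(exc)

def permits_smtp_from(acl_lines, src_ip, mailhost):
    """First-match evaluation for TCP/25 from src_ip to mailhost; implicit deny if nothing matches."""
    ip, mh = ipaddress.ip_address(src_ip), ipaddress.ip_address(mailhost)
    for e in map(parse_acl, acl_lines):
        if e["proto"] == "tcp" and ip in e["src"] and mh in e["dst"] and e["port"] in ("smtp", "25"):
            return e["action"] == "permit"
    return False

# Constructed sample data; MAILHOST stands in for the redacted XXX.XXX.XXX.XXX in the thread.
MAILHOST = "203.0.113.25"
VENDOR_NETS = ("216.157.255.0", "216.157.241.0")
ORIGINAL = [f"access-list outside_access_in permit tcp host {n} host {MAILHOST} eq smtp" for n in VENDOR_NETS]
FIXED = [f"access-list outside_access_in permit tcp {n} 255.255.255.0 host {MAILHOST} eq smtp" for n in VENDOR_NETS]
IOS_STYLE = f"access-list outside_access_in permit tcp 216.157.255.0 0.0.0.255 host {MAILHOST} eq smtp"
```

    With the original `host` lines, a relay such as 216.157.255.17 never matches and falls through to the implicit deny, which is why inbound mail stopped; with the netmask lines the whole /24 matches.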