In article <. com>,
writes:
>We have a pix 501, 6.3(1), using NAT to allow Internet access for all
>users. We have an infected computer on our network sending mail, but
>cannot locate the machine. We would like to create an access list on
>the pix denying all outbound attempts on port 25 except for our
>legitimate e-mail server (192.168.1.9), then check the logs for the
>rogue machine making attempts to send mail.
>
>The access-list rule is as follows:
>access-list inside_out_smtp deny tcp any any eq smtp
>access-list inside_out_smtp permit tcp 192.168.1.9 any eq smtp
First, you need to change the order of the two statements. The permit line
should be first, the deny line should follow the permit line.
Second, you need a third line:
access-list inside_out_smtp permit ip any any
Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Immunbiologie
Postfach 1169
D-79011 Freiburg, Germany
Phone : +49-761-5108-464 Fax: -452
Internet: gartmann@immunbio dot mpg dot de
http://www.immunbio.mpg.de/home/menue.html
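The second half of the original question, finding the rogue host in the logs once the corrected access-list is in place, is a small log-triage job. The following Python is an added example, not code from the poster or from Cisco: it assumes the PIX reports packets dropped by the access-list as `%PIX-4-106023` syslog messages in the form shown in the constructed sample lines (verify the exact format against your own syslog output), and it counts denied outbound port-25 attempts per internal source address, excluding the legitimate mail server 192.168.1.9 named in the post.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the original post).
# The 106023 message format is assumed from PIX 6.x behaviour; the
# 302013 line shows a permitted connection, which must be ignored.
SAMPLE_LOG = """\
Jan 10 09:12:01 pix %PIX-4-106023: Deny tcp src inside:192.168.1.57/3345 dst outside:203.0.113.10/25 by access-group "inside_out_smtp"
Jan 10 09:12:01 pix %PIX-6-302013: Built outbound TCP connection 1184 for outside:203.0.113.10/25 (203.0.113.10/25) to inside:192.168.1.9/4021 (198.51.100.5/4021)
Jan 10 09:12:02 pix %PIX-4-106023: Deny tcp src inside:192.168.1.57/3346 dst outside:203.0.113.11/25 by access-group "inside_out_smtp"
Jan 10 09:12:05 pix %PIX-4-106023: Deny tcp src inside:192.168.1.23/1122 dst outside:203.0.113.12/25 by access-group "inside_out_smtp"
Jan 10 09:12:07 pix %PIX-4-106023: Deny tcp src inside:192.168.1.57/3347 dst outside:203.0.113.13/25 by access-group "inside_out_smtp"
Jan 10 09:12:09 pix %PIX-4-106023: Deny tcp src inside:192.168.1.40/2000 dst outside:203.0.113.14/445 by access-group "inside_out_smtp"
"""

# Pull source IP, destination IP, destination port and ACL name out of an
# access-list deny message; other message IDs simply do not match.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny tcp src inside:(?P<src>\d+\.\d+\.\d+\.\d+)/\d+ '
    r'dst outside:(?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


def smtp_denials(log_text, acl_name="inside_out_smtp"):
    """Count denied outbound SMTP (tcp/25) attempts per internal source."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        if m.group("acl") != acl_name or m.group("dport") != "25":
            continue
        counts[m.group("src")] += 1
    return counts


def suspect_hosts(counts, legit_server="192.168.1.9", threshold=1):
    """Return (source, hits) pairs, busiest first, excluding the real mail server.

    With the permit line ordered first, 192.168.1.9 should never appear in
    the deny messages at all; it is excluded anyway as a safety net.
    """
    return [
        (src, n)
        for src, n in counts.most_common()
        if src != legit_server and n >= threshold
    ]


if __name__ == "__main__":
    for src, n in suspect_hosts(smtp_denials(SAMPLE_LOG)):
        print(f"{src}: {n} denied SMTP attempts")
```

Run it against a saved syslog file instead of `SAMPLE_LOG` (for example by reading the file into a string) and the host at the top of the list is the one to pull off the network. A machine that appears once may just have a mail client misconfigured to talk to an outside relay; a machine with hundreds of hits to many different destinations in a short window is the behaviour the original post describes.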