Velocity Reviews - Computer Hardware Reviews
Home Forums Reviews Guides Newsgroups Register Search
Member Login:

Velocity Reviews > Newsgroups > Computing > Cisco > PIX 501 Access Rules

Reply
Thread Tools

PIX 501 Access Rules

 
 
RG
Guest
Posts: n/a
 
      11-11-2008
I am publishing smtp service to the wan on the outside interface. I need to
block a couple of ranges of ip. What would I need to do to accomplish this?

Thanks in advance

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      11-11-2008
In article <4918ccc1$0$14316$>, RG <> wrote:

>I am publishing smtp service to the wan on the outside interface. I need to
>block a couple of ranges of ip. What would I need to do to accomplish this?


access-list out2in deny tcp host X.Y.Z.W host PUBLICIP eq smtp
access-list out2in deny tcp P.Q.R.0 255.255.255.0 host PUBLICIP eq smtp
access-list out2in permit tcp any host PUBLICIP eq smtp
 
Reply With Quote
 
 
 
 
RG
Guest
Posts: n/a
 
      11-11-2008
Thanks a lot a lot that worked great. BTW.. I didn't have to put extended
parameter.
"Artie Lange" <> wrote in message
news:gfc5a1$v6u$...
> RG wrote:
>> I am publishing smtp service to the wan on the outside interface. I need
>> to block a couple of ranges of ip. What would I need to do to accomplish
>> this?
>>
>> Thanks in advance
>
>
> The ACL's are read from top down so you would need to place the deny
> statements at the top of the config.
>
> access-list Internet_access_in line 2 extended deny tcp 58.10.0.0
> 255.254.0.0 any eq smtp
>
> access-list Internet_access_in line 2 extended deny tcp 58.8.0.0
> 255.254.0.0 any eq smtp
>
> access-list Internet_access_in line 2 extended deny tcp 124.0.0.0
> 255.0.0.0 any eq smtp
>
> access-list Internet_access_in line 2 extended deny tcp 85.176.0.0
> 255.248.0.0 any eq smtp
>
> access-list Internet_access_in line 2 extended deny tcp 41.0.0.0 255.0.0.0
> any eq smtp
>
> access-list Internet_access_in line 2 extended deny tcp 83.0.0.0 255.0.0.0
> any eq smtp
>
> access-list Internet_access_in line 2 extended deny tcp 202.0.0.0
> 255.0.0.0 any eq smtp
>
>
>
> access-list Internet_access_in line 2 extended permit tcp any X.X.X.X eq
> smtp

 
Reply With Quote
 
 
 
Reply

« Killed my 2600 Router - Help!? | [ASA 8.x] Site-to-site default routes stuck »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX 501 Translation Exemption Rules Question kg026@yahoo.com Cisco 0 04-30-2007 02:00 PM
Cisco pix 501 vs 501-50 cdoc Cisco 6 05-20-2006 03:53 AM
rules for Cisco PIX 525 firewall rules KAS Cisco 2 10-02-2005 07:12 PM
PIX 501 <-> PIX 501 - Problem contating private networks on the inside Andre Cisco 7 02-20-2005 07:02 PM
Your thoughts on dual PIX 501 access - redundant SOHO access mh Cisco 6 05-10-2004 04:32 PM



Advertisments
 


Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc..
SEO by vBSEO ©2010, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57