PIX 501 Access Rules

Discussion in 'Cisco' started by RG, Nov 11, 2008.

  1. RG

    RG Guest

    I am publishing smtp service to the wan on the outside interface. I need to
    block a couple of ranges of ip. What would I need to do to accomplish this?

    Thanks in advance
    RG, Nov 11, 2008
    #1

  2. In article <4918ccc1$0$14316$>, RG <> wrote:

    >I am publishing smtp service to the wan on the outside interface. I need to
    >block a couple of ranges of ip. What would I need to do to accomplish this?



    access-list out2in deny tcp host X.Y.Z.W host PUBLICIP eq smtp
    access-list out2in deny tcp P.Q.R.0 255.255.255.0 host PUBLICIP eq smtp
    access-list out2in permit tcp any host PUBLICIP eq smtp
    Walter Roberson, Nov 11, 2008
    #2

  3. RG

    RG Guest

    Thanks a lot, that worked great. BTW, I didn't have to put the extended
    parameter.
    "Artie Lange" <> wrote in message
    news:gfc5a1$v6u$...
    > RG wrote:
    >> I am publishing smtp service to the wan on the outside interface. I need
    >> to block a couple of ranges of ip. What would I need to do to accomplish
    >> this?
    >>
    >> Thanks in advance

    >
    >
    > The ACLs are read from the top down, so you would need to place the deny
    > statements at the top of the config.
    >
    > access-list Internet_access_in line 2 extended deny tcp 58.10.0.0 255.254.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended deny tcp 58.8.0.0 255.254.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended deny tcp 124.0.0.0 255.0.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended deny tcp 85.176.0.0 255.248.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended deny tcp 41.0.0.0 255.0.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended deny tcp 83.0.0.0 255.0.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended deny tcp 202.0.0.0 255.0.0.0 any eq smtp
    >
    > access-list Internet_access_in line 2 extended permit tcp any X.X.X.X eq smtp
    RG, Nov 11, 2008
    #3
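
Added example, not part of any post in this thread: a small first-match evaluator for the access-list syntax shown above, useful for checking offline that the deny entries are reached before the broad permit. The addresses are constructed samples from documentation ranges, and `parse_rule`, `take_addr` and `first_match` are hypothetical helper names.

```python
import ipaddress

PORTS = {"smtp": 25}  # only the service name used in the thread

def take_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'NET MASK'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_rule(line):
    """Parse 'access-list NAME [line N] [extended] permit|deny tcp SRC DST eq PORT'."""
    tok = line.split()[2:]                 # drop 'access-list NAME'
    if tok[0] == "line":
        tok = tok[2:]                      # position hint, ignored by this evaluator
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = take_addr(tok)
    dst, tok = take_addr(tok)
    if tok[:1] != ["eq"]:
        raise ValueError(f"unsupported entry: {line}")
    port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def first_match(acl_lines, src_ip, dst_ip, port, proto="tcp"):
    """Return (action, line) of the first matching entry; implicit deny if none matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, p, src, dst, prt = parse_rule(line)
        if p == proto and s in src and d in dst and prt == port:
            return action, line
    return "deny", "(implicit deny)"

# Constructed sample ACLs using documentation address ranges (not from the thread).
MAIL = "203.0.113.10"                      # stands in for PUBLICIP
DENY_FIRST = [
    f"access-list out2in deny tcp host 192.0.2.7 host {MAIL} eq smtp",
    f"access-list out2in deny tcp 198.51.100.0 255.255.255.0 host {MAIL} eq smtp",
    f"access-list out2in permit tcp any host {MAIL} eq smtp",
]
PERMIT_FIRST = [DENY_FIRST[2]] + DENY_FIRST[:2]   # same entries, permit moved to the top

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("permit first", PERMIT_FIRST)):
        for src in ("192.0.2.7", "198.51.100.25", "192.0.2.8"):
            print(name, src, first_match(acl, src, MAIL, 25)[0])
```

With the permit entry first, every source is permitted because the deny entries are never evaluated.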
