
access-list 1

Status
Not open for further replies.

koshu

ISP
Apr 18, 2002
IN
Hello group,
Please help me. I have a Cisco 2610 router on which I want to put an ACL to block all SMTP connections in my network except for my mail server. How can I do that? Please help me.

I have a 10.101.0.0/22 network.
10.101.0.2 and 10.101.0.31 are two mail servers; they should get and send mail to anywhere. I tried this:
access-list 115 deny tcp any any eq 25
access-list 115 permit tcp host 10.101.0.2 any eq 25
access-list 115 permit tcp any host 10.101.0.2 eq 25
access-list 115 permit ip any any
but it didn't work. I was able to send mail, but I was not receiving any mail from outside. Please help me.

Thanks in advance
kaushalender
 
The ACL is handled in a 'top-down' process, so the first line will match any packets from any source IP address and any source TCP port to any destination IP address with destination TCP port 25, so your first line will effectively make the 2nd and 3rd lines useless. The packets destined for your mail servers will be denied by the first line; remember, once a hit has been made the ACL is 'exited'.

Delete the ACL and re-add it as follows:

access-list 115 permit tcp host 10.101.0.2 any eq 25
access-list 115 permit tcp host 10.101.0.31 any eq 25
access-list 115 deny tcp any any eq 25
access-list 115 permit ip any any

Andy
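
Added example, not part of the original thread or either poster's code: a small Python model of first-match ACL evaluation, run against the two versions of access-list 115 above. It handles only the `any` / `host` / `eq` forms used in the thread; the 115 on the third line of the original list and the sample packet addresses (10.101.0.50, 192.0.2.10) are assumptions made for the example.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp|ip SRC DST [eq PORT]'."""
    tok = line.split()[2:]                 # drop 'access-list' and the number
    action, proto, rest = tok[0], tok[1], tok[2:]

    def take_addr(t):
        # Only the address forms used in the thread: 'any' and 'host A.B.C.D'
        if t[0] == "any":
            return None, t[1:]
        if t[0] == "host":
            return ipaddress.ip_address(t[1]), t[2:]
        raise ValueError(f"unsupported address form: {t[0]}")

    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl_lines, proto, src, dst, dport):
    """Return (action, matching line number); the first matching line wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl_lines, 1):
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and a_src in (None, src)
                and a_dst in (None, dst) and a_port in (None, dport)):
            return action, n
    return "deny", None                    # implicit deny at the end of every ACL

# As posted in the question (deny first); 115 assumed on the third line
ORIGINAL = [
    "access-list 115 deny tcp any any eq 25",
    "access-list 115 permit tcp host 10.101.0.2 any eq 25",
    "access-list 115 permit tcp any host 10.101.0.2 eq 25",
    "access-list 115 permit ip any any",
]
# As re-added in the reply (specific permits before the general deny)
REORDERED = [
    "access-list 115 permit tcp host 10.101.0.2 any eq 25",
    "access-list 115 permit tcp host 10.101.0.31 any eq 25",
    "access-list 115 deny tcp any any eq 25",
    "access-list 115 permit ip any any",
]

if __name__ == "__main__":
    # Constructed packets: 10.101.0.50 = LAN client, 192.0.2.10 = outside host
    for name, acl in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, evaluate(acl, "tcp", "10.101.0.2", "192.0.2.10", 25),
              evaluate(acl, "tcp", "10.101.0.50", "192.0.2.10", 25))
```

Evaluating `evaluate(REORDERED, "tcp", "192.0.2.10", "10.101.0.2", 25)` returns a deny on line 3: the reordered list permits the mail servers only as a source, so SMTP addressed to them is dropped wherever this ACL sees that traffic. Whether it does depends on the interface and direction the list is applied to, which the thread does not state.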


 