ACL on router: SMTP server to be tested.

krsnavan

May 21, 2008
I want to allow SMTP, FTP, TELNET, 143 and ICMP only, from both networks.

And I want a reply from the SMTP server if I give the command "telnet 10.135.1.10 25" to check that the server on the other side of the network is working.

Check whether the config is correct! I am able to ping both sides, but when I do "telnet 10.135.1.10 25" to the SMTP server, I cannot get any reply.


interface Ethernet0
 ip address 10.125.0.3 255.255.240.0
 ip access-group 101 in
!
interface Ethernet1
 ip address 10.135.1.1 255.255.255.0
 duplex auto
 ip access-group 102 in
!
! ACL 101: traffic entering Ethernet0 from 10.125.0.0
access-list 101 permit icmp 10.125.0.0 0.0.15.255 any
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq smtp
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq www
access-list 101 permit tcp 10.125.0.0 0.0.15.255 10.135.1.0 0.0.0.255 eq 143
access-list 101 permit tcp any any eq telnet
!
! ACL 102: traffic entering Ethernet1 from 10.135.1.0
access-list 102 permit icmp 10.135.1.0 0.0.0.255 any
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq smtp
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq ftp
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq www
access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq 143
access-list 102 permit tcp any any eq telnet


Vanna

 
You need to allow established connections also.

access-list 101 permit tcp any any established

and

access-list 102 permit tcp any any established


----------------------------------
Bill
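
Why the reply was dropped and what the suggested line changes, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation over a subset of the posted ACL 102 lines. IOS matches `established` on TCP segments that have the ACK or RST bit set; the client address 10.125.0.5 and source port 49152 are constructed for the illustration.

```python
from ipaddress import ip_address, ip_network

PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def take_addr(tok):
    """Consume 'any' or 'ADDR WILDCARD' from the token list."""
    if tok[0] == "any":
        tok.pop(0)
        return ip_network("0.0.0.0/0")
    addr, wildcard = tok.pop(0), tok.pop(0)
    return ip_network(f"{addr}/{wildcard}")  # ipaddress accepts host masks

def parse(line):
    tok = line.split()[2:]  # drop "access-list N"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    est = "established" in tok
    name = tok[tok.index("eq") + 1] if "eq" in tok else None
    port = None if name is None else int(PORTS.get(name, name))
    return action, proto, src, dst, port, est

def evaluate(acl, pkt):
    """First matching line wins; no match falls through to the implicit deny."""
    for line in acl:
        action, proto, src, dst, port, est = parse(line)
        if proto != pkt["proto"]:
            continue
        if ip_address(pkt["src"]) not in src or ip_address(pkt["dst"]) not in dst:
            continue
        if port is not None and port != pkt["dport"]:  # "eq" tests the destination port
            continue
        if est and not pkt["flags"] & (ACK | RST):
            continue
        return action
    return "deny"

# Subset of the posted ACL 102 (inbound on Ethernet1, the SMTP server side)
ACL_102 = [
    "access-list 102 permit tcp 10.135.1.0 0.0.0.255 10.125.0.0 0.0.15.255 eq smtp",
    "access-list 102 permit tcp any any eq telnet",
]
FIXED_102 = ACL_102 + ["access-list 102 permit tcp any any established"]
# Constructed packets: the server's SYN-ACK back to the client, and a fresh SYN
SYN_ACK = {"proto": "tcp", "src": "10.135.1.10", "dst": "10.125.0.5",
           "dport": 49152, "flags": SYN | ACK}
NEW_SYN = dict(SYN_ACK, flags=SYN)
```

The server's SYN-ACK has source port 25 and an ephemeral destination port, so no `eq smtp` line in ACL 102 matches it. With the `established` line it is permitted, while a bare SYN arriving on the same interface still hits the implicit deny.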
 
Bill!

You are great!

I had a doubt in mind whether I need to add "established" to the ACL. If I apply the following "access-list 101 permit tcp 10.125.0.0 0.0.15.255 any eq telnet established", will it allow the return packets when I telnet from the 10.125.0.0 network?

Do I have to add "established" to allow SMTP, FTP traffic?

Please explain to me how "established" is to be added.

Thanks.
 
Adding the established keyword means that the ACL will only allow those connections that have been established by the router already, which lets return traffic back in. Basically, it looks for the SYN bit to be set in the TCP segment.

Burt
 
This avoids the need to specify the rules for the outward direction! Is that correct? I have already done the rules and it works fine.

Thank you for all the help! Great work!
 