How can I allow only certain IP's to connect 2

BobSchleicher · Jun 28, 2007

Currently I have this statement:
access-list 102 permit tcp any host MAILSERVER eq smtp

Obviously this allows anyone to send me email but I only want to accept email from certain IP's.
How can I put in a bunch of ranges?
Assume these are the ranges given.
10.10.1.0 / 255.255.255.0
10.10.2.0 / 255.255.255.0
10.10.3.0 / 255.255.255.0

Thanks,
BobSchleicher

normntwrk · Jun 28, 2007

Try :

no access-list 102 permit tcp any host MAILSERVER eq smtp
access-list 102 tcp 10.10.1.0 255.255.255.0 host MAILSERVER eq smtp

access-list 102 tcp 10.10.2.0 255.255.255.0 host MAILSERVER eq smtp

access-list 102 tcp 10.10.3.0 255.255.255.0 host MAILSERVER eq smtp

BobSchleicher · Jun 29, 2007

Thanks that did it.

BobSchleicher

geeksquad · Jun 29, 2007

Probably a easier and scalable solution for future changes would be :

object-group network incoming-mail
network-object 10.10.1.0 255.255.255.0
network-object 10.10.2.0 255.255.255.0
network-object 10.10.3.0 255.255.255.0

access-list 102 permit tcp object-group incoming-mail host MAILSERVER eq smtp

then all you have to do is just add and remove hosts/networks in the object-group

BobSchleicher · Jun 29, 2007

Another great solution.

Thanks,

BobSchleicher

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

How can I allow only certain IP's to connect 2

BobSchleicher

MIS

normntwrk

MIS

BobSchleicher

MIS

geeksquad

ISP

BobSchleicher

MIS

Similar threads

Part and Inventory Search

Sponsor