I currently have a PIX 515 with a line that has conduit permit tcp host x.y.z.7 eq smtp any. I need to limit this to a block of IPs instead of any, and I'm not really sure how to do it. Any help would be greatly appreciated.
Depends which way you want the access (inbound or outbound). I'd get rid of the conduit and put:
access-list outbound permit tcp host x.y.z.7 <outboundip> <mask> eq smtp
access-group outbound in interface inside
This will restrict host x.y.z.7 to only access the range of IPs defined by the outboundip range.
If you want to limit incoming, then change it to:
access-list inbound permit tcp <outboundip> <mask> host x.y.z.7 eq smtp
access-group inbound in interface outside
This will allow only those IPs listed to connect to the x.y.z.7 address using SMTP. Note that this must be the external address for inbound traffic unless you've set up a VPN.
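As an added illustration that is not part of the original posts: a small Python helper that rewrites a tcp/udp conduit line as the equivalent access-list entry, moving from the conduit's destination-first order to the ACL's source-first order and optionally replacing an "any" source with a CIDR block. The function names, the default ACL name and the sample addresses (documentation ranges) are assumptions made for this example.

```python
import ipaddress

PORT_OPS = ("eq", "lt", "gt", "neq")

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if not tokens:
        raise ValueError("address expected")
    if tokens[0] == "any":
        return ["any"], tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return tokens[:2], tokens[2:]

def _take_port(tokens):
    """Consume an optional port spec: '<op> P' or 'range P1 P2'."""
    if tokens and tokens[0] in PORT_OPS:
        return tokens[:2], tokens[2:]
    if tokens and tokens[0] == "range":
        return tokens[:3], tokens[3:]
    return [], tokens

def conduit_to_acl(line, acl_name="inbound", source_block=None):
    """Rewrite one conduit line as an access-list line (hypothetical helper)."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit line")
    action, proto, rest = tokens[1], tokens[2], tokens[3:]
    dst, rest = _take_addr(rest)       # conduit lists the protected address first
    dst_port, rest = _take_port(rest)
    src, rest = _take_addr(rest)       # then the foreign (source) address
    src_port, rest = _take_port(rest)
    if rest:
        raise ValueError("unexpected trailing tokens: " + " ".join(rest))
    if source_block is not None:
        if src != ["any"]:
            raise ValueError("source is already restricted")
        net = ipaddress.ip_network(source_block)  # strict: rejects host bits set
        src = [str(net.network_address), str(net.netmask)]
    # access-list order is source first, then destination
    return " ".join(["access-list", acl_name, action, proto]
                    + src + src_port + dst + dst_port)

if __name__ == "__main__":
    # Constructed sample using documentation address ranges.
    print(conduit_to_acl("conduit permit tcp host 192.0.2.7 eq smtp any",
                         source_block="198.51.100.0/24"))
```

The generated line still has to be bound with an access-group statement, as in the reply above, before it takes effect.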