
NEWBIE HELP

Status
Not open for further replies.

tdsrader

MIS
Jun 11, 2003
12
US
I tried installing an ACL for opening an outbound-only port and I shut down internet access.

I tried the following:

access-list inside permit tcp host 10.1.30.39 any eq 9001
access-group inside in interface inside

I need to open only outbound access on 9001. Any help with how this is accomplished is appreciated.
 
One aspect of the ACL is that implicit deny statement: without the list on the inside, everything is allowed out. Apply a list and only traffic that's permitted by the list is allowed out; the rest is denied.

What do you want to allow out, WWW, SMTP, DNS and TCP 9001?


 
Trying to allow SMTP traffic outbound.

So what would the correct statement be?
 
OK, first try with no ACL on inside. If that works outgoing, the basic PIX config is OK.

Then you can restrict to SMTP outgoing only with:

access-list inside permit tcp host 10.1.30.39 any eq smtp
access-group inside in interface inside

However, that won't allow DNS queries out, so also add:

access-list inside permit udp host 10.1.30.39 any eq 53
access-list inside permit tcp host 10.1.30.39 any eq smtp
access-group inside in interface inside
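
An added example, not part of the thread and not Cisco tooling: a small Python model of first-match ACL evaluation with the implicit deny, run over the access-list lines posted above. The parser handles only the `host SRC any eq PORT` form used in this thread, it ignores the `access-group` binding and stateful return traffic, and the sample flows are constructed.

```python
# Service names used in this thread, mapped to their port numbers.
NAMED_PORTS = {"smtp": 25, "domain": 53, "www": 80}

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO host SRC any eq PORT'."""
    t = line.split()
    if len(t) != 9 or t[0] != "access-list" or t[4] != "host" or t[6:8] != ["any", "eq"]:
        raise ValueError("unsupported entry form: " + line)
    port = NAMED_PORTS[t[8]] if t[8] in NAMED_PORTS else int(t[8])
    return {"action": t[2], "proto": t[3], "src": t[5], "port": port}

def evaluate(aces, proto, src, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in aces:
        if (ace["proto"], ace["src"], ace["port"]) == (proto, src, dport):
            return ace["action"]
    return "deny (implicit)"

# The list from the first post: one permit, so everything else is dropped.
ORIGINAL = ["access-list inside permit tcp host 10.1.30.39 any eq 9001"]
# The list from the last reply: DNS and SMTP for the same host.
REVISED = [
    "access-list inside permit udp host 10.1.30.39 any eq 53",
    "access-list inside permit tcp host 10.1.30.39 any eq smtp",
]

# Constructed sample flows: (label, protocol, source address, destination port).
FLOWS = [
    ("DNS query", "udp", "10.1.30.39", 53),
    ("SMTP", "tcp", "10.1.30.39", 25),
    ("web", "tcp", "10.1.30.39", 80),
    ("tcp/9001", "tcp", "10.1.30.39", 9001),
    ("SMTP from another inside host", "tcp", "10.1.30.40", 25),
]

def verdicts(lines):
    """Return {flow label: verdict} for one access list."""
    aces = [parse_ace(line) for line in lines]
    return {label: evaluate(aces, p, s, d) for label, p, s, d in FLOWS}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("revised", REVISED)):
        print(name)
        for label, verdict in verdicts(acl).items():
            print("  %-30s %s" % (label, verdict))
```

With the original list only tcp/9001 is permitted, so DNS and web traffic from the same host hit the implicit deny. With the revised list as posted, tcp/9001 and any other inside host are denied unless further permit lines are added.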

 