
outbound access-list help

Status
Not open for further replies.

tamray

IS-IT--Management
Feb 8, 2005
43
US
I have a remote school with a big spam-type virus problem going, and they do not have anyone on-site that can deal with the issue. I have access to their router, and need to provide a temporary fix by adding an outbound access-list that only allows outbound smtp (only to their off-site mail server), www, ftp, and 3389.

Info:
Their mail server is off-site
The router is a 3640
Outside interface is F0/1
Need to be sure the acl does not accidentally block my telnet sessions to F0/0
 
In the access-group of F0/1 like:
ip access-group F0/1-IN in
you should add these lines:

permit tcp any host (outside ip address) eq smtp
permit tcp any host (outside ip address) eq www
permit tcp any host (outside ip address) eq ftp
permit tcp any host (outside ip address) eq 3389
deny ip any any log

 
I think tamray wants outbound to fit these ACLs, not inbound... What is the inbound interface facing the inside network? This is the interface to which you apply the ACLs in the outbound direction.

Burt
 
F0/0 has a public IP and faces their LAN. F0/1 faces our WAN.
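
An outbound list of the kind the original question describes, as an added example that is not from any poster in this thread. The list name F0/1-OUT and the mail server address 192.0.2.25 are placeholders (a documentation address, constructed); substitute the real off-site mail server.

```cisco
! Added example. F0/1-OUT and 192.0.2.25 are placeholders, not values
! from the thread.
!
! Safety net while working over telnet: schedule a reload first, so a
! mistake that cuts the session is undone when the router restarts with
! its saved config. Cancel it with "reload cancel" once the change is
! confirmed, and only then save the running config.
!   Router# reload in 10
!
ip access-list extended F0/1-OUT
 remark Temporary containment: only the listed outbound services
 ! SMTP is allowed to the off-site mail server only.
 permit tcp any host 192.0.2.25 eq smtp
 ! Explicit SMTP deny with its own counter and log entries, so hosts
 ! trying to send mail directly show up by source address.
 deny   tcp any any eq smtp log
 permit tcp any any eq www
 permit tcp any any eq ftp
 permit tcp any any eq 3389
 ! Everything else leaving toward the WAN is dropped and logged. That
 ! includes DNS, FTP data channels and replies from LAN hosts to
 ! sessions opened from outside, none of which are in the list of four
 ! services asked for.
 deny   ip any any log
!
interface FastEthernet0/1
 ! F0/1 faces the WAN, so the list is applied in the out direction.
 ip access-group F0/1-OUT out
!
! An outbound ACL filters only traffic passing through the router.
! Packets the router itself originates, such as its replies to a telnet
! session on the F0/0 address, are not checked against it.
!
! Check the per-line hit counters afterwards:
!   Router# show access-lists F0/1-OUT
```

The source addresses in the log entries for the SMTP deny line are the machines to look at first for the infection.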
 