I am trying to configure egress filtering to only allow outbound on 25 from my mailserver. I have no problems configuring inbound access lists, but egress are somewhat confusing to me. I just had someone get infected with a mailing virus and I'd like to eliminate the problem.
Just want to see if I'm on the right track:
access-list inside_access_outside extended permit tcp any host 192.168.1.187 eq 25
access-list inside_access_outside extended deny tcp any any outside eq 25
access-group inside_access_outside out interface inside
This would allow connections via port 25 outbound from 192.168.1.187 only and then block all others. access-group command enables it on the interface.
thanks fo rhte help
Re: egress filtering on asa5505
10 years 3 weeks ago #29415