TOPIC: egress filtering on asa5505

egress filtering on asa5505 7 years 9 months ago #29414

Hello,

I am trying to configure egress filtering to only allow outbound on 25 from my mailserver. I have no problems configuring inbound access lists, but egress are somewhat confusing to me. I just had someone get infected with a mailing virus and I'd like to eliminate the problem.

Just want to see if I'm on the right track:

access-list inside_access_outside extended permit tcp any host 192.168.1.187 eq 25
access-list inside_access_outside extended deny tcp any any outside eq 25
access-group inside_access_outside out interface inside

This would allow connections via port 25 outbound from 192.168.1.187 only and then block all others. access-group command enables it on the interface.

Thanks for the help

Re: egress filtering on asa5505 7 years 9 months ago #29415

  • skepticals
I think it needs to be the other way around. The first network "any" is the source and the IP address 192.168.1.187 eq 25 is the destination.

I believe you need to reverse this. You may have to apply it to the inside interface in instead of the outside interface in.

Re: egress filtering on asa5505 7 years 9 months ago #29431

  • Smurf
Think skepticals is on the ball there :)
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
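
The source/destination order discussed in this thread, as an added example that is not part of the original posts: a small first-match evaluator run over the ACL as posted (with the stray `outside` keyword dropped so it parses) and over a reversed version. It assumes the ACL is evaluated against traffic entering the inside interface; the ACL name `inside_access_in`, the trailing `permit ip any any` line, the workstation 192.168.1.50 and the 203.0.113.x addresses are assumptions made for the illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse the ASA subset used here: ... ACTION PROTO SRC DST [eq PORT]."""
    action, proto, *rest = line.split()[3:]   # skip 'access-list NAME extended'
    nets = []
    for _ in range(2):                        # source comes first, then destination
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:
            raise ValueError("unsupported address form: " + rest[0])
        nets.append(net)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, nets[0], nets[1], port

def evaluate(acl, src, dst, dport):
    """Return the action of the first ACE matching a TCP flow; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, proto, snet, dnet, port = parse_ace(line)
        if proto in ("tcp", "ip") and s in snet and d in dnet and port in (None, dport):
            return action
    return "deny"

# ACL from the first post; the second line's stray 'outside' token is dropped.
POSTED = [
    "access-list inside_access_outside extended permit tcp any host 192.168.1.187 eq 25",
    "access-list inside_access_outside extended deny tcp any any eq 25",
]
# Reversed form (hypothetical name); the last line is an assumption that keeps
# other outbound traffic working, since every ACL ends in an implicit deny.
# Assumed binding: access-group inside_access_in in interface inside
CORRECTED = [
    "access-list inside_access_in extended permit tcp host 192.168.1.187 any eq 25",
    "access-list inside_access_in extended deny tcp any any eq 25",
    "access-list inside_access_in extended permit ip any any",
]
# Constructed sample flows: (source, destination, destination port)
FLOWS = [
    ("192.168.1.187", "203.0.113.25", 25),   # mail server -> external MX
    ("192.168.1.50", "203.0.113.25", 25),    # infected workstation -> external MX
    ("192.168.1.50", "203.0.113.80", 443),   # workstation -> web server
]

def verdicts(acl):
    return [evaluate(acl, *flow) for flow in FLOWS]

if __name__ == "__main__":
    print("posted   :", verdicts(POSTED))
    print("corrected:", verdicts(CORRECTED))
```

With the posted order, the permit line only matches traffic destined to 192.168.1.187, so even the mail server's own outbound SMTP falls through to the deny.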