egress filtering on asa5505
15 years 9 months ago #29414
egress filtering on asa5505 was created by FiercePowahs
Hello,
I am trying to configure egress filtering to only allow outbound on 25 from my mailserver. I have no problems configuring inbound access lists, but egress are somewhat confusing to me. I just had someone get infected with a mailing virus and I'd like to eliminate the problem.
Just want to see if I'm on the right track:
access-list inside_access_outside extended permit tcp any host 192.168.1.187 eq 25
access-list inside_access_outside extended deny tcp any any outside eq 25
access-group inside_access_outside out interface inside
This would allow connections via port 25 outbound from 192.168.1.187 only and then block all others. The access-group command enables it on the interface.
Thanks for the help.
15 years 9 months ago #29415
Replied by skepticals on topic Re: egress filtering on asa5505
I think it needs to be the other way around. The first network "any" is the source and the IP address 192.168.1.187 eq 25 is the destination.
I believe you need to reverse this. You may have to apply it to the inside interface in instead of the outside interface in.
15 years 8 months ago #29431
Replied by Smurf on topic Re: egress filtering on asa5505
Think skepticals is on the ball there
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
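
The reversal skepticals describes, written out as an added example that is not part of any post in this thread: the ACL as posted with its problems annotated, then a source-first version bound inbound on the inside interface. The ACL name inside_access_in and the test addresses 192.168.1.50 and 203.0.113.25 are assumptions chosen for illustration.

```cisco
! --- As posted (kept as comments; does not filter outbound SMTP) ---
! Line 1: the mail server is in the destination position, so it matches
!         traffic going TO 192.168.1.187 port 25, not mail sent BY it.
! Line 2: "outside" is not valid there; an extended ACL entry takes
!         source, then destination, then the port operator.
! Line 3: "out interface inside" filters traffic leaving the firewall
!         toward the LAN, not traffic arriving from the LAN.
!
! access-list inside_access_outside extended permit tcp any host 192.168.1.187 eq 25
! access-list inside_access_outside extended deny tcp any any outside eq 25
! access-group inside_access_outside out interface inside

! --- Source first, destination and port second ---
! Only the mail server may open TCP/25 to any destination.
access-list inside_access_in extended permit tcp host 192.168.1.187 any eq 25
! Every other inside host is refused on TCP/25.
access-list inside_access_in extended deny tcp any any eq 25
! Every ACL ends with an implicit deny. Without this line, binding the ACL
! would cut off all other outbound traffic that the inside interface
! passed by default before an ACL was applied.
access-list inside_access_in extended permit ip any any
! "in" = traffic entering the firewall on the inside interface.
access-group inside_access_in in interface inside

! --- Verify (privileged EXEC) ---
! Hit counters per entry; the deny line counts blocked SMTP attempts.
show access-list inside_access_in
! Simulated workstation sending mail directly: expect a drop on the ACL.
packet-tracer input inside tcp 192.168.1.50 1025 203.0.113.25 25
! Simulated mail server sending mail: expect allow.
packet-tracer input inside tcp 192.168.1.187 1025 203.0.113.25 25
```

A rising hit count on the deny entry after deployment identifies inside hosts still attempting direct SMTP, which is a useful pointer to machines that need cleaning.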