I'm trying to block a customer from using tcp/25 by filtering inbound on their circuit. When I check the counters for the ACL they don't increase and I can see that the customer is still able to use tcp/25 outbound.

ACL:

access-list 143 permit tcp 23.45.67.0 0.0.0.255 host 12.23.45.25 eq smtp log
access-list 143 deny   tcp 23.45.67.0 0.0.0.255 any eq smtp log
access-list 143 permit ip any any log

Interface Config:

interface GigabitEthernet1/5
 ip address 56.78.90.12 255.255.255.252
 ip access-group 143 in
 ip verify unicast source reachable-via rx
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 no cdp enable
 no mop enabled

I just want allow them to use our Smarthost and block all other SMTP.


Any thoughts on this one?


_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to