Well, by default your internal devices will be able to
access anything on the outside. You don't need to open
a port for that.
Allen is correct in just shutting down the port.
Michael Le
--- "Magdy H. Ibrahim"
wrote:
> Hi Allen,
> Actually my point it hot to restrict my outbound
> POP3 from access the
> outside mail servers..
> I want to block any internal request for external
> POP3 from accessing that
> target.
>
> you got it??
> I hope you may help me in this???
>
> Magdy
>
>
> ""Allen May"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Maybe I missed the point of the question, but just
> don't open POP3 on the
> > outside interface for inbound and that will
> restrict all outside users
> from
> > using POP3. Unless inside users pass through the
> PIX to get to the POP3
> > server you won't need to add anything to the PIX
> to allow inside users
> POP3
> > (or anything else for that matter). The rest of
> the configuration for
> mail
> > server restrictions can be done at the mail server
> if you want to tighten
> it
> > down even further for inside users.
> >
> > Hope that helps.
> >
> > Allen
> >
> > ----- Original Message -----
> > From: "Magdy H. Ibrahim"
> > To:
> > Sent: Thursday, August 16, 2001 7:46 AM
> > Subject: blocking PORTS ON PIX!!! [7:16275]
> >
> >
> > > Dear All,
> > >
> > > I have a question about how to block ports on
> PIX firewall:
> > > my case is: I have mail server working behind
> PIX so I opened POP3 and
> > SMTP
> > > ports for this mail server.
> > > my mail server accessed from inside and outside
> interfaces.
> > > I want to limit my internal IP only to work with
> POP3 "using outlook
> > express
> > > or any mail client" from my mail server and deny
> any request for POP3
> from
> > > outside mail servers such as hotmail or yahoo.
> > > can I do something like that ???
> > > Please advice me ASAP...
> > > here is my shortcut of my PIX conf.:
> > > static (inside,outside) 62.21.55.68 10.0.0.21
> netmask
> > > 255.255.255.255 0 0
> > > access-group acl_in in interface inside
> > > conduit permit icmp any any
> > > conduit permit tcp host 62.21.55.66 eq smtp any
> > > conduit permit tcp host 62.21.55.66 eq pop3 any
> > >
> > > Regards,
> > >
> > > Magdy
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16312&t=16275
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
