Great thanks. I did that at my last gig. I'm amazed at the config but am working to tighten things. New to ASA so it's a little slow going. Apologies for my ignorance here.
Under access rules, I see Outside, and those rules are limited and seem correct. Then I see Inside (incoming) with a few rules, and another Inside (outgoing) with a few rules. What's the difference?

From: Kennedy, Jim [mailto:[email protected]]
Sent: Tuesday, January 08, 2013 11:00 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA question

"Short term solution would be to restrict out smtp to our mail servers only."

I think all networks should do that all the time. We do, as do most other folks that I know. Basically you should see, in order:

Inside to outside allow smtp from your mail server.
Inside to outside deny smtp from any.

Cisco reads them in order and stops on the first matching rule. So in the above your email server would get an allow. A desktop would not qualify on that first rule, so it would move to the second rule and get denied. So if I am reading your description right, I think your rules are ok. Send us the rules in order if you want. Feel free to mask the IP addresses if you want.

From: Tom Miller [mailto:[email protected]]
Sent: Tuesday, January 08, 2013 10:56 AM
To: NT System Admin Issues
Subject: Cisco ASA question

Hi Folks,

At a new job here. I have a few Cisco ASAs. One of them, an ASA 5510, seems to be not very strict on outbound rules. I'm new to ASA (came from the Fortinet world), so any advice on setting up outbound rules? In particular we've been on Spamhaus and I think there is an internal machine sending out smtp messages. Short term solution would be to restrict out smtp to our mail servers only. On the ASA | Configuration | Access Rules, I created an inside --> outside rule. Traffic from mail server out, smtp, permit. Other rule has traffic as deny. This does not seem correct, even me being new to ASA.

Suggestions appreciated,
Tom

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
--- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
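A worked illustration of Jim's first-match point, added here as example code that is not from the thread or from Cisco: it walks a constructed inside-to-outside list top to bottom, stops at the first matching entry, and falls through to the implicit deny that ends every ASA access list. The addresses, rule names and the third "permit other outbound" entry are assumptions made for the demonstration.

```python
# Added example (not from the thread): a small first-match evaluator that
# models how an ASA walks an access list top to bottom and stops at the first
# matching entry, with the implicit deny that ends every ASA access list.
# Addresses, rule names and rule order below are constructed for illustration.
import ipaddress

SMTP = 25

class Rule:
    def __init__(self, action, src, dst, dport, name):
        self.action = action            # "permit" or "deny"
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.dport = dport              # int, or None for any port
        self.name = name

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and (self.dport is None or self.dport == dport))

def evaluate(acl, src_ip, dst_ip, dport):
    """Return (action, rule_name) of the first matching rule; implicit deny otherwise."""
    for rule in acl:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"

# Constructed inside->outside list in the order Jim describes (assumed addresses).
MAIL_SERVER = "192.0.2.10"
ACL_GOOD = [
    Rule("permit", "192.0.2.10/32", "0.0.0.0/0", SMTP, "permit-smtp-from-mailserver"),
    Rule("deny",   "0.0.0.0/0",     "0.0.0.0/0", SMTP, "deny-smtp-from-any"),
    Rule("permit", "192.0.2.0/24",  "0.0.0.0/0", None, "permit-other-outbound"),
]
# Same entries with the deny moved first: ordering is the whole point.
ACL_BAD = [ACL_GOOD[1], ACL_GOOD[0], ACL_GOOD[2]]

def outbound_smtp_check(acl):
    """What the mail server and a desktop get for outbound TCP/25 (and the desktop for 443)."""
    return {
        "mail_server": evaluate(acl, MAIL_SERVER, "198.51.100.25", SMTP)[0],
        "desktop":     evaluate(acl, "192.0.2.50",  "198.51.100.25", SMTP)[0],
        "desktop_web": evaluate(acl, "192.0.2.50",  "198.51.100.25", 443)[0],
    }

if __name__ == "__main__":
    print("ordered correctly:", outbound_smtp_check(ACL_GOOD))
    print("deny first:       ", outbound_smtp_check(ACL_BAD))
```

With the deny entry placed first, the mail server itself loses outbound SMTP, which is why the order of the two rules, not just their presence, has to be checked on the live box.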
