Re: SMTP and tcp ports
- From: News Reader <user@xxxxxxxxxxx>
- Date: Wed, 30 Apr 2008 12:04:37 -0400
Bob Simon wrote:
> I have an access list applied inbound on the outside interface of a
> 2600 connected to the edge router. I found that I needed smtp ACEs
> for both the source port and for the destination port to our exchange
> server.
>
> 50 permit tcp any eq smtp host 192.168.0.20 (99012 matches)

Matching SMTP exchanges with external SMTP servers (source port 25).
This ACE would not match clients (source port >1023).

> 60 permit tcp any host 192.168.0.20 eq smtp log (880 matches)

This ACE currently matches clients (destination port 25). Servers were matched on the previous ACE.
If you eliminate ACE # 50, clients and servers would match ACE # 60.

> Why is this? I thought inbound traffic to the server would be on
> random destination ports allocated by PAT on the edge router; no?

Best Regards,
News Reader
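
An added example, not part of the original post or thread: a first-match evaluation of ACEs 50 and 60 over constructed inbound segments, showing which ACE each kind of SMTP traffic lands on. It also shows that ACE 50 as posted matches on source port alone, and models an assumed variant with the IOS `established` keyword appended; the `Segment` and `Ace` classes, the 203.0.113.x addresses and the non-SMTP port numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SMTP = 25
EXCHANGE = "192.168.0.20"  # inside server address from the ACEs in the thread

@dataclass(frozen=True)
class Segment:
    """Constructed inbound TCP segment as seen on the outside interface."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset = frozenset({"ACK"})

@dataclass(frozen=True)
class Ace:
    seq: int
    dst_ip: str
    src_port: Optional[int] = None  # None means any source port
    dst_port: Optional[int] = None  # None means any destination port
    established: bool = False       # IOS 'established': ACK or RST must be set

    def matches(self, s: Segment) -> bool:
        if s.dst_ip != self.dst_ip:
            return False
        if self.src_port is not None and s.src_port != self.src_port:
            return False
        if self.dst_port is not None and s.dst_port != self.dst_port:
            return False
        return not self.established or bool(s.flags & {"ACK", "RST"})

def first_match(acl, seg):
    """Sequence number of the first matching ACE, or None (implicit deny)."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace.matches(seg):
            return ace.seq
    return None

# ACEs 50 and 60 as posted (source address is 'any' in both)
POSTED = [Ace(50, EXCHANGE, src_port=SMTP), Ace(60, EXCHANGE, dst_port=SMTP)]
# Assumed variant, not from the thread: ACE 50 with 'established' appended
TIGHTENED = [Ace(50, EXCHANGE, src_port=SMTP, established=True),
             Ace(60, EXCHANGE, dst_port=SMTP)]

# Constructed segments (203.0.113.0/24 is a documentation range)
REPLY = Segment("203.0.113.10", SMTP, EXCHANGE, 41000, frozenset({"ACK"}))   # outside MTA answering Exchange
INBOUND = Segment("203.0.113.20", 50123, EXCHANGE, SMTP, frozenset({"SYN"}))  # new SMTP connection to Exchange
SYN_FROM_25 = Segment("203.0.113.30", SMTP, EXCHANGE, 8080, frozenset({"SYN"}))  # new connection sourced from port 25
```

With `POSTED`, `SYN_FROM_25` is permitted by ACE 50 even though it is not return traffic; with `TIGHTENED` it falls through to the implicit deny while `REPLY` and `INBOUND` are still permitted.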