[c-nsp] ACL doesn't seem to filtering anything

Steve Bertrand steve at ibctech.ca
Thu Nov 26 10:06:20 EST 2009


ML wrote:
> I'm trying to block a customer from using tcp/25 by filtering inbound on
> their circuit.  When I check the counters for the ACL they don't
> increase and I can see that the customer is still able to use tcp/25
> outbound.
> 
> ACL:
> 
> access-list 143 permit tcp 23.45.67.0 0.0.0.255 host 12.23.45.25 eq smtp log
> access-list 143 deny   tcp 23.45.67.0 0.0.0.255 any eq smtp log
> access-list 143 permit ip any any log

Can you add a:

access-list 143 permit tcp any any eq smtp log

...at the top of the rule list to verify that they are actually coming
from the IP block in the ACL?

Steve
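
The check suggested above, as an added example that is not part of the original message: once the temporary permit entry is logging tcp/25 hits, this script compares the logged source addresses with the source match used in access-list 143. It assumes the standard IOS %SEC-6-IPACCESSLOGP log format; the sample log lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Source match used by access-list 143 in the thread: 23.45.67.0 0.0.0.255
ACL_SRC = ("23.45.67.0", "0.0.0.255")

# Assumed log format: IOS %SEC-6-IPACCESSLOGP entries for TCP/UDP hits
LOG_RE = re.compile(
    r"IPACCESSLOGP: list (\S+) (permitted|denied) (\w+) "
    r"(\d+\.\d+\.\d+\.\d+)\((\d+)\) -> (\d+\.\d+\.\d+\.\d+)\((\d+)\)"
)

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def smtp_sources(log_lines, acl="143"):
    """Split logged tcp/25 sources into covered / not covered by ACL_SRC."""
    covered, missed = set(), set()
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m.group(1) != acl:
            continue  # not an ACL hit line, or a different list
        if m.group(3) != "tcp" or m.group(7) != "25":
            continue  # only SMTP is of interest here
        src = m.group(4)
        (covered if wildcard_match(src, *ACL_SRC) else missed).add(src)
    return covered, missed

# Constructed sample log lines, not taken from the thread
SAMPLE_LOG = [
    "Nov 26 10:01:02: %SEC-6-IPACCESSLOGP: list 143 permitted tcp "
    "23.45.67.10(40211) -> 12.23.45.25(25), 1 packet",
    "Nov 26 10:01:09: %SEC-6-IPACCESSLOGP: list 143 permitted tcp "
    "192.0.2.44(51877) -> 198.51.100.7(25), 3 packets",
    "Nov 26 10:01:15: %SEC-6-IPACCESSLOGP: list 143 permitted tcp "
    "192.0.2.44(51902) -> 198.51.100.7(80), 1 packet",
    "Nov 26 10:01:20: %SEC-6-IPACCESSLOGP: list 101 permitted tcp "
    "203.0.113.9(1025) -> 198.51.100.7(25), 1 packet",
]

if __name__ == "__main__":
    covered, missed = smtp_sources(SAMPLE_LOG)
    print("sources covered by the ACL source match:", sorted(covered))
    print("sources that only 'permit ip any any' matches:", sorted(missed))
```

Any address in the second set is SMTP traffic that the deny entry can never match, because its source lies outside 23.45.67.0 0.0.0.255.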

