Maybe I missed the point of the question, but just don't open POP3 on the
outside interface for inbound and that will restrict all outside users from
using POP3.  Unless inside users pass through the PIX to get to the POP3
server you won't need to add anything to the PIX to allow inside users POP3
(or anything else for that matter).  The rest of the configuration for mail
server restrictions can be done at the mail server if you want to tighten it
down even further for inside users.

Hope that helps.

Allen

----- Original Message -----
From: "Magdy H. Ibrahim" 
To: 
Sent: Thursday, August 16, 2001 7:46 AM
Subject: blocking PORTS ON PIX!!! [7:16275]


> Dear All,
>
> I have a question about how to block ports on a PIX firewall.
> My case is: I have a mail server working behind the PIX, so I opened the
> POP3 and SMTP ports for this mail server.
> My mail server is accessed from the inside and outside interfaces.
> I want to limit POP3 on my mail server to my internal IPs only ("using
> Outlook Express or any mail client") and deny any request for POP3 from
> outside mail servers such as Hotmail or Yahoo.
> Can I do something like that ???
> Please advise me ASAP...
> here is my shortcut of my PIX conf.:
> static (inside,outside) 62.21.55.68 10.0.0.21 netmask 255.255.255.255 0 0
> access-group acl_in in interface inside
> conduit permit icmp any any
> conduit permit tcp host 62.21.55.66 eq smtp any
> conduit permit tcp host 62.21.55.66 eq pop3 any
>
> Regards,
>
> Magdy
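
An added example, not part of the original messages and not Cisco tooling: a small Python check that parses the `conduit` lines quoted in the thread and lists what is permitted from any outside address, before and after dropping the POP3 conduit as the reply suggests. The function names are hypothetical, and the parser covers only the `any`, `host <ip>` and `<ip> <mask>` address forms with an optional `eq <port>`.

```python
import re

# Constructed input: the conduit lines quoted in the thread.
POSTED = """\
conduit permit icmp any any
conduit permit tcp host 62.21.55.66 eq smtp any
conduit permit tcp host 62.21.55.66 eq pop3 any
"""

# Address forms handled (assumption): any | host <ip> | <ip> <mask>
ADDR = r"(?:any|host\s+\S+|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)"
CONDUIT = re.compile(
    rf"^conduit\s+(permit|deny)\s+(\S+)\s+({ADDR})(?:\s+eq\s+(\S+))?\s+({ADDR})\s*$"
)

def parse_conduits(config):
    """Return one dict per conduit line; any other line is ignored."""
    rules = []
    for line in config.splitlines():
        m = CONDUIT.match(line.strip())
        if m:
            action, proto, glob, port, foreign = m.groups()
            rules.append({"action": action, "proto": proto,
                          "global": " ".join(glob.split()), "port": port,
                          "foreign": " ".join(foreign.split())})
    return rules

def open_to_any(config):
    """Services permitted from any outside address: (proto, global, port)."""
    return [(r["proto"], r["global"], r["port"])
            for r in parse_conduits(config)
            if r["action"] == "permit" and r["foreign"] == "any"]

def without_service(config, port):
    """Config text with the permit conduits for `port` (as written) dropped."""
    kept = []
    for line in config.splitlines():
        m = CONDUIT.match(line.strip())
        if m and m.group(1) == "permit" and m.group(4) == port:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for label, cfg in (("as posted", POSTED),
                       ("pop3 conduit removed", without_service(POSTED, "pop3"))):
        print(label)
        for proto, glob, port in open_to_any(cfg):
            print(f"  {proto:5} {glob:18} {port or '-'}")
```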




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16290&t=16275
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
