ip inspect name WEB http
ip inspect name WEB ftp
ip inspect name WEB smtp
ip inspect name WEB tcp
ip inspect name WEB udp
ip inspect name SMTP smtp
On your external ACL, you must have an opening to allow SMTP in - there is no way CBAC can automatically do this for you as traffic is first processed by the ACL and must pass. So once the SMTP traffic is allowed
in, it is passed to the inspection list SMTP, which applys SMTP protocol-based inspection (and opens up any ACLs if necessary - in this
example this function is not required).
Note that in this example you could place the SMTP inspection list on the internal interface in the outbound direction as well. This is a better placement option if you had say a DMZ interface that was also
receiving SMTP mail for the internal SMTP server, as you would only require a single inspection point (outbound on the internal interface)
rather than inbound on the external and DMZ interfaces.
推荐阅读
- Cisco 2511路由器的PPP配置
- CISCOPRO2509/2511IP拨号上网配置
- 623251开头是什么银行
- gb25190是什么牛奶 关于牛奶的介绍
- gb2590和gb259区别
- 小米12510版本怎么样
- 排列31524的逆序列是多少