(usr-tc) IP filter example
I am wanting to filter outbound traffic from my users so that my core is protected (only allow http to webserver, smtp/pop to mail server, dns to nameserver, no telnet, etc)...............

If anyone has an example IP filter that would be really cool, so I could have something to work off of. Also if you could show me how you applied it to users in RADIUS that would be good too.

Appreciate it,

Brian

-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)

-
To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
U>I am wanting to filter outbound traffic from my users so that my core
U>is protected (only allow http to webserver, smtp/pop to mail server,
U>dns to nameserver, no telnet, etc)...............

U>If anyone has an example IP filter that would be really cool, so I
U>could have something to work off of. Also if you could show me how
U>you applied it to users in RADIUS that would be good too.

U>Appreciate it,

U>Brian

Brian,

Here you go:

Filtername - email.in

    #filter
    IP:
    010 AND src-addr = 199.178.136.0/24;
    020 ACCEPT dst-addr = 199.178.136.0/24;
    030 DENY;

Filtername - email.out

    #filter
    IP:
    010 AND src-addr = 199.178.136.0/24;
    020 ACCEPT dst-addr = 199.178.136.0/24;
    030 DENY;

Then in RADIUS in the FRAMED_FILTER_ID field we put "email" as the filter. In the case of the above filters the IP pool, webserver, and E-mail server all reside within the same class c address.

Jeff Binkley
ASA Network Computing

CMPQwk 1.42-21 9999
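An added example, not part of either post and not vendor code: a small Python model of how the posted rules sort packets, useful for checking a filter against sample traffic before assigning it to users. It assumes first-match evaluation, that an AND rule combines its condition with the rule that follows it, and a default of DENY; these semantics and the sample host addresses are assumptions. The posted rules match on addresses only, so the verdict is the same for any port.

```python
import ipaddress

# Filter text as posted in the thread (rule numbers, verbs and prefixes unchanged).
EMAIL_FILTER = """
010 AND src-addr = 199.178.136.0/24;
020 ACCEPT dst-addr = 199.178.136.0/24;
030 DENY;
"""

def parse(text):
    """Return (verb, field, network) tuples; field and network are None for a bare verb."""
    rules = []
    for stmt in text.split(";"):
        parts = stmt.split()
        if not parts:
            continue
        verb = parts[1]
        if len(parts) >= 5:   # e.g. 010 AND src-addr = 199.178.136.0/24
            rules.append((verb, parts[2], ipaddress.ip_network(parts[4])))
        else:                 # e.g. 030 DENY
            rules.append((verb, None, None))
    return rules

def evaluate(rules, src, dst):
    """Assumed semantics: first match wins; AND chains its condition onto the next rule."""
    pkt = {"src-addr": ipaddress.ip_address(src), "dst-addr": ipaddress.ip_address(dst)}
    chain_ok = True
    for verb, field, net in rules:
        matched = field is None or pkt[field] in net
        if verb == "AND":
            chain_ok = chain_ok and matched
            continue
        if chain_ok and matched:
            return verb
        chain_ok = True       # a failed chain ends here; the next rule starts fresh
    return "DENY"             # assumed default when no rule matches

def verdicts():
    """Run constructed sample packets (hypothetical hosts) through the posted filter."""
    rules = parse(EMAIL_FILTER)
    samples = [
        ("199.178.136.10", "199.178.136.25"),  # pool user to a server in the same /24
        ("199.178.136.10", "192.0.2.1"),       # pool user to an outside address
        ("192.0.2.1", "199.178.136.25"),       # outside source to the /24
    ]
    return [(s, d, evaluate(rules, s, d)) for s, d in samples]

if __name__ == "__main__":
    for src, dst, verdict in verdicts():
        print(f"{src} -> {dst}: {verdict}")
```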
participants (2)
- Brian
- jeff.binkley@asacomp.com