allow-tls

Answered Question

Hi, I have a PIX 515E and a Windows SMTP server in a DMZ, and I need to send encrypted emails to some customers using TLS. I read in a Cisco document that I need to enable it if I use inspect esmtp:


policy-map type inspect esmtp esmtp_tls_enable
 parameters
  allow-tls
!
policy-map global_policy
 class inspection_default
  inspect esmtp esmtp_tls_enable


Now, when I do it, TLS works fine and I can send encrypted email, but for an unknown reason I can't send or receive non-encrypted emails from other customers.


Can you help me with this issue?


Thanks,

vitripat Sat, 05/17/2008 - 19:12

I think the issue here is with some EHLO parameter which is not supported by the ASA. Try adding the following commands:


policy-map type inspect esmtp esmtp_tls_enable
 match ehlo-reply-parameter others
  mask


Clear the mail server connections through ASA and check if mails work now.


Hope this helps.


Regards,

Vibhor.


Hi Victor, thanks for your reply. I've done it and it works fine. Now I can send emails using TLS and regular emails.


The final configuration is:


policy-map type inspect esmtp esmtp_tls_enable
 parameters
  allow-tls
 match ehlo-reply-parameter others
  mask
!
policy-map global_policy
 class inspection_default
  inspect esmtp esmtp_tls_enable



Best regards,
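To confirm what a configuration like the one above does to mail traffic, the EHLO reply seen on the far side of the firewall can be parsed to check whether STARTTLS is still advertised and which keywords were masked. This is an added example, not part of the original thread or Cisco's documentation; the function names, the sample replies and the assumption that masked keywords appear as runs of X characters are assumptions made for illustration.

```python
import re

# Assumption: a masking firewall overwrites an EHLO keyword in place with a
# run of "X" characters, so the line stays the same length.
MASKED = re.compile(r"^X{4,}[A-Z0-9]*$")

def parse_ehlo_reply(raw):
    """Parse a multi-line 250 EHLO reply into (greeting, {KEYWORD: [params]})."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l]
    if not lines:
        raise ValueError("empty reply")
    greeting, extensions = None, {}
    for i, line in enumerate(lines):
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        last = m.group(2) == " "
        if last != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            greeting = m.group(3)  # first line carries the server greeting
            continue
        parts = m.group(3).split()
        if parts:
            extensions[parts[0].upper()] = parts[1:]
    return greeting, extensions

def audit_ehlo(raw):
    """Report whether STARTTLS survived and which keywords look masked."""
    _, ext = parse_ehlo_reply(raw)
    masked = sorted(k for k in ext if MASKED.match(k))
    return {"starttls": "STARTTLS" in ext, "masked": masked,
            "visible": sorted(k for k in ext if k not in masked)}

# Constructed sample replies (not captured from the poster's server).
STARTTLS_MASKED = (
    "250-mail.example.com Hello\r\n250-SIZE 10485760\r\n"
    "250-XXXXXXXA\r\n250-8BITMIME\r\n250 XXXXXXXXXX\r\n")
STARTTLS_ALLOWED = (
    "250-mail.example.com Hello\r\n250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n250-8BITMIME\r\n250 XXXXXXXXXX\r\n")

if __name__ == "__main__":
    for name, raw in [("STARTTLS masked", STARTTLS_MASKED),
                      ("STARTTLS allowed", STARTTLS_ALLOWED)]:
        print(name, audit_ehlo(raw))
```

Feeding it the reply captured from a mail client before and after the policy change shows at a glance whether STARTTLS now passes and which other keywords are still hidden.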

Correct Answer
vitripat Fri, 05/23/2008 - 14:03

I'm glad I could help you.


Regards,

Vibhor.
