allow-tls


Hi, I have a PIX 515E and a Windows SMTP server in a DMZ, and I need to send encrypted emails to some customers using TLS. I read in Cisco documentation that I need to enable it if I use inspect esmtp:

    policy-map type inspect esmtp esmtp_tls_enable
     parameters
      allow-tls
    !
    policy-map global_policy
     class inspection_default
      inspect esmtp esmtp_tls_enable

Now, when I do it, TLS works fine and I can send encrypted email, but for an unknown reason I can't send or receive non-encrypted emails from other customers.

Can you help me with this issue?

Thanks,

vitripat Sat, 05/17/2008 - 19:12

I think the issue here is with some EHLO parameter which is not supported by the ASA. Try adding the following commands:

    policy-map type inspect esmtp esmtp_tls_enable
     match ehlo-reply-parameter others
      mask

Clear the mail server connections through ASA and check if mails work now.

Hope this helps.

Regards,

Vibhor.

Hi Victor, thanks for your reply. I've done it and it works fine. Now I can send emails using TLS and regular emails.

The final configuration is:

    policy-map type inspect esmtp esmtp_tls_enable
     parameters
      allow-tls
     match ehlo-reply-parameter others
      mask
    !
    policy-map global_policy
     class inspection_default
      inspect esmtp esmtp_tls_enable

Best regards,

Correct Answer
vitripat Fri, 05/23/2008 - 14:03

I'm glad I could help you.

Regards,

Vibhor.
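
To confirm the policy from the far side of the firewall, capture the mail server's EHLO reply and check which extensions survive inspection. The Python sketch below is an added example, not part of the thread; it assumes masked keywords arrive as runs of X characters, and the sample reply and function names are constructed for illustration.

```python
import re

# Constructed sample: an EHLO reply as seen by a client on the far side of the firewall.
SAMPLE_REPLY = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-XXXXXXXXXX\r\n"
    "250-STARTTLS\r\n"
    "250-XXXXXXXXXXXXXXXXXXXXXXX\r\n"
    "250-8BITMIME\r\n"
    "250 OK\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the extension lines of a multi-line 250 reply, without the greeting line."""
    texts = []
    for raw in reply.splitlines():
        m = REPLY_LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 EHLO reply line: {raw!r}")
        texts.append(m.group(3).strip())
        if m.group(2) == " ":  # "250 " (space) marks the final line of the reply
            break
    return texts[1:]


def classify(reply):
    """Split extensions into advertised keywords and masked (all-X) entries."""
    advertised, masked = [], 0
    for ext in parse_ehlo(reply):
        if ext and set(ext.replace(" ", "")) == {"X"}:
            masked += 1  # assumption: the firewall overwrote this keyword with X characters
        elif ext:
            advertised.append(ext.split()[0].upper())
    return {"starttls": "STARTTLS" in advertised, "advertised": advertised, "masked": masked}


if __name__ == "__main__":
    result = classify(SAMPLE_REPLY)
    print("STARTTLS offered:", result["starttls"])
    print("advertised:", ", ".join(result["advertised"]))
    print("masked entries:", result["masked"])
```

If STARTTLS shows up as a masked entry instead of an advertised keyword, clients will fall back to plaintext or fail, which points back at the `allow-tls` parameter.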
