allow-tls

fsanchez
Level 1

Hi, I have a PIX 515E and a Windows SMTP server in a DMZ, and I need to send encrypted emails to some customers using TLS. I read in Cisco documentation that I need to enable it if I use inspect esmtp:

policy-map type inspect esmtp esmtp_tls_enable
 parameters
  allow-tls
!
policy-map global_policy
 class inspection_default
  inspect esmtp esmtp_tls_enable

Now, when I do it, TLS works fine and I can send encrypted email, but for an unknown reason I can't send or receive non-encrypted emails from other customers.

Can you help me with this issue?

Thanks,


vitripat
Level 7

I think the issue here is with some EHLO parameter which is not supported by the ASA. Try adding the following commands:

policy-map type inspect esmtp esmtp_tls_enable
 match ehlo-reply-parameter others
  mask

Clear the mail server connections through the ASA and check if mails work now.

Hope this helps.

Regards,

Vibhor.

Hi Victor, thanks for your reply. I've done it and it works fine. Now I can send emails using TLS and regular emails.

The final configuration is:

policy-map type inspect esmtp esmtp_tls_enable
 parameters
  allow-tls
 match ehlo-reply-parameter others
  mask
!
policy-map global_policy
 class inspection_default
  inspect esmtp esmtp_tls_enable

Best regards,

I'm glad I could help you.

Regards,

Vibhor.
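
One way to verify the result of the configuration in this thread from the SMTP client's side, as an added example that is not part of any post above: it parses an EHLO reply and reports whether STARTTLS is still advertised and which keywords were masked in transit. The sample replies are constructed, and the all-`X` form of a masked keyword is an assumption about how the firewall rewrites it.

```python
import re

# Constructed sample replies (not captured from the devices in this thread).
DIRECT = ("250-mail.example.test Hello\r\n250-SIZE 10485760\r\n"
          "250-STARTTLS\r\n250-CHUNKING\r\n250 8BITMIME\r\n")
# Assumption: a keyword masked by the firewall arrives as a run of 'X'.
THROUGH_FW = DIRECT.replace("CHUNKING", "XXXXXXXX")
# Assumption: with TLS not allowed, STARTTLS is masked the same way.
NO_TLS = THROUGH_FW.replace("STARTTLS", "XXXXXXXX")

LINE = re.compile(r"^(\d{3})([ -])(.*)$")
MASKED = re.compile(r"^X{2,}$")

def parse_ehlo(raw):
    """Parse a multi-line EHLO reply into (code, greeting, [(KEYWORD, params)])."""
    lines = [l for l in raw.split("\r\n") if l]
    if not lines:
        raise ValueError("empty reply")
    parsed = []
    for i, line in enumerate(lines):
        m = LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        # Every line but the last uses '-', the last uses a space (RFC 5321).
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        parsed.append((code, text))
    if len({code for code, _ in parsed}) != 1:
        raise ValueError("mixed reply codes")
    exts = []
    for _, text in parsed[1:]:          # first line is the greeting
        keyword, _, params = text.partition(" ")
        exts.append((keyword.upper(), params))
    return parsed[0][0], parsed[0][1], exts

def audit(raw):
    """Summarise what a client can negotiate from this EHLO reply."""
    code, _, exts = parse_ehlo(raw)
    keywords = [kw for kw, _ in exts]
    visible = [kw for kw in keywords if not MASKED.match(kw)]
    return {"ok": code == "250", "starttls": "STARTTLS" in visible,
            "masked": len(keywords) - len(visible), "visible": visible}

def hidden_by_firewall(direct, through_fw):
    """Keywords the server offers directly that are not visible via the firewall."""
    return sorted(set(audit(direct)["visible"]) - set(audit(through_fw)["visible"]))
```

Feed it the EHLO reply seen on the server's own segment and the one seen from outside the firewall; an empty STARTTLS result on the outside view means TLS will not be negotiated for that path.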
