ios firewall drop ms-exchange pkt

Unanswered Question
Aug 7th, 2008
User Badges:


Can anyone tell me what IP inspections really inspect?

I have 2 sites connected through site-to-site vpn. ACL allows ip packets going through both sites. But the application level firewall still inspect the packets and droppes smtp packets between 2 private network.

I've found some paper in ms support. Here is the link.

Can anybody tell me how to configure the firewall to make exchange work between site-to-site vpn?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jmtorne Mon, 08/11/2008 - 07:34
User Badges:


I've had similar problems in the past, both with CBAC in IOS and PIX software, that were caused by the SMTP inspection engine.

If you're just trying to route SMTP traffic through the VPN, try to deactivate the SMTP inspection as follows:

(config)# no ip inspect name XXXX smtp

where XXXX is the name of the inspection (CBAC) rules.

At least that worked for me. Hope it helps!


This Discussion