Can't get SMTP return traffic using IOS Firewall

graham.fleming
Level 1

We just implemented a 2851 to replace an ailing 1760. It acts as a firewall with static NAT translations pointing to various internal servers.

One of those servers, a Curio email server, can no longer send email.

When we do a "sho ip inspect sessions" we see all of the port 25 traffic as half open.

All other traffic is working fine. Incoming mail is good, too.

Here is output:

Session 45B1666C (192.168.1.15:3386)=>(207.194.133.46:25) smtp SIS_OPENING
Session 45B1B8E4 (192.168.1.15:3394)=>(216.187.109.2:25) smtp SIS_OPENING
Session 45B2110C (192.168.1.15:3399)=>(198.153.162.21:25) smtp SIS_OPENING
Session 45B21994 (192.168.1.15:3391)=>(216.9.248.33:25) smtp SIS_OPENING
Session 45B16394 (192.168.1.15:3388)=>(64.233.185.114:25) smtp SIS_OPENING
Session 45B1CFA4 (192.168.1.15:3392)=>(216.9.248.33:25) smtp SIS_OPENING
Session 45B193EC (192.168.1.15:3387)=>(216.9.248.34:25) smtp SIS_OPENING
Session 45B17A54 (192.168.1.15:3393)=>(216.9.248.33:25) smtp SIS_OPENING
Session 45B1222C (192.168.1.15:3380)=>(216.9.248.34:25) smtp SIS_OPENING
Session 45B18B64 (192.168.1.15:3398)=>(209.172.37.1:25) smtp SIS_OPENING
Session 45B20B5C (192.168.1.9:1024)=>(139.142.78.11:37) udp SIS_OPENING
Session 45B14CD4 (192.168.1.15:3409)=>(66.249.93.27:25) smtp SIS_OPENING
Session 45B1888C (192.168.1.15:3407)=>(207.194.133.46:25) smtp SIS_OPENING
Session 45B216BC (192.168.1.15:3395)=>(142.32.11.114:25) smtp SIS_OPENING
Session 45B14174 (192.168.1.15:3385)=>(208.65.145.13:25) smtp SIS_OPENING
Session 45B14724 (192.168.1.15:3404)=>(208.65.144.11:25) smtp SIS_OPENING
Session 45B18E3C (192.168.1.15:3390)=>(24.71.223.11:25) smtp SIS_OPENING

------

ip inspect name fw_e10 icmp timeout 5
ip inspect name fw_e10 netshow
ip inspect name fw_e10 streamworks
ip inspect name fw_e10 udp
ip inspect name fw_e10 tcp
ip inspect name fw_e10 skinny
ip inspect name fw_e10 ftp audit-trail on
ip inspect name fw_e10 h323
ip inspect name fw_e10 realaudio
ip inspect name fw_e10 vdolive
ip inspect name fw_e10 rtsp
ip inspect name fw_e10 sip
ip inspect name fw_e10 http java-list 1
ip inspect name fw_e10 smtp

----
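The symptom in the post is that every inspected smtp session sits in SIS_OPENING, i.e. the firewall saw the outbound SYN but never matched the return half of the handshake. The following is an added triage script, not part of the original post or of Cisco IOS: it parses "show ip inspect sessions" output in the format shown above and reports which TCP application protocols have all of their sessions stuck half-open (the sample lines, including the http one, are constructed to match that format).

```python
import re
from collections import defaultdict

# Constructed sample in the "show ip inspect sessions" format from the post.
# The http line is added so that a fully opened TCP session is also covered.
SAMPLE = """\
Session 45B1666C (192.168.1.15:3386)=>(207.194.133.46:25) smtp SIS_OPENING
Session 45B1B8E4 (192.168.1.15:3394)=>(216.187.109.2:25) smtp SIS_OPENING
Session 45B20B5C (192.168.1.9:1024)=>(139.142.78.11:37) udp SIS_OPENING
Session 0000AAAA (192.168.1.20:4501)=>(203.0.113.10:80) http SIS_OPEN
"""

# Session <hex id> (<src>:<sport>)=>(<dst>:<dport>) <protocol> <state>
SESSION_RE = re.compile(
    r"^Session\s+(?P<id>[0-9A-Fa-f]+)\s+"
    r"\((?P<src>[\d.]+):(?P<sport>\d+)\)=>\((?P<dst>[\d.]+):(?P<dport>\d+)\)\s+"
    r"(?P<proto>\S+)\s+(?P<state>\S+)\s*$"
)


def parse_sessions(text):
    """Return one dict per parsable session line; unrelated lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = SESSION_RE.match(line.strip())
        if m:
            s = m.groupdict()
            s["sport"] = int(s["sport"])
            s["dport"] = int(s["dport"])
            sessions.append(s)
    return sessions


def half_open_summary(sessions):
    """Per inspected protocol: total sessions and how many are still SIS_OPENING."""
    summary = defaultdict(lambda: {"total": 0, "half_open": 0})
    for s in sessions:
        summary[s["proto"]]["total"] += 1
        if s["state"] == "SIS_OPENING":
            summary[s["proto"]]["half_open"] += 1
    return dict(summary)


def stuck_tcp_protocols(summary):
    """TCP application protocols whose every session is half-open.
    udp is excluded: it has no handshake, so SIS_OPENING says nothing there."""
    return sorted(p for p, c in summary.items()
                  if p != "udp" and c["total"] and c["half_open"] == c["total"])
```

A protocol that appears in this list while other TCP protocols complete normally points at the return path for that protocol specifically (an inbound ACL or a NAT/inspection mismatch on port 25), which is what the reply below suggests checking.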

1 Reply

JORGE RODRIGUEZ
Level 10

Double check the config. It could be the outbound TCP inspection rule, if you do have one; take a look here.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008064730a.shtml#intro

Otherwise you may need to run debug ip inspect smtp to capture output while sending emails.

Rgds

Jorge

Jorge Rodriguez