Help with ASDM 5510

mis · ‎01-19-2009

Hello,

I am in desperate need of troubleshooting my ASDM 5510 as I am not able to use it as it is intended.

We route all traffic through an ISA 2004 server and use a 3rd party solution for filtering spam. We purchased the ASDM 5510 with the CSC SSM module and want to face out the 3rd party email scanner.

The issue I currently have is that email is not able to reach the Exchange 2003 server. For testing, I configured my .net domain to route email through the ASDM. Email does not reach the exchange server.

I am enclosing a diagram of my network layout and the configuration of my ASDM.

Ultimately, I would like to keep both routes open (ISA and ASDM) for Internet access while using the SSM to filter everything. You will notice that I have two subnets in place. The ASDM's Interface in the 192 subnet is currently unplugged as VPN clients could not access any network resources when both (172 and 192) interfaces were plugged in.

Any help will be appreciated!

eddie.mitchell · ‎01-29-2009

Hello,

Your static statement and access-list entry for inbound smtp traffic looks correct to me. I would try running a capture on the inside interface of the ASA and make sure you see the smtp traffic leaving that interface destined for the exchange server.

1-'capture interface inside'

2-initiate inbound smtp traffic

3-'show capture '

4-'no capture ' when finished

You can also try enabling the ASA's logging buffer and see if there are any log entries being generated by SMTP traffic attempting to traverse the ASA.

1-'conf t'

2-'logging buffered info'

3-initiate inbound smtp traffic

4-'show log' or 'show log | grep

5- 'no logging buffered info' when finished

Hope this helps.