Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
0
Helpful
1
Replies

Issue with ESMTP Inspect on ASA and Sophos appliance

haxworthy
Level 1
Level 1

‎07-08-2009 07:58 AM - edited ‎03-11-2019 08:52 AM

Anyone ever experienced an issue where your Sophos appliance that sits behind the ASA firewall cannot make a TLS connection outbound due to the ESMTP inspect option?

I don't want to disable it entirely. Is there a way to create a policy map to disable ESMTP inspection for just the Sophos appliances?

Labels:
0 Helpful
1 Reply 1

drolemc
Level 6
Level 6

‎07-15-2009 05:32 AM

If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp

pix(config-pmap-c)#exit

pix(config-pmap)#exit

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card