SMTP Telnet attempt returns 220 ***** over IPSEC tunnel

May 18th, 2010

I've got an IPSEC tunnel between an ASA 5510 and a Sonicwall device. I'm trying to install a new Exchange server behind the Sonicwall for internal mail routing. If I telnet within the sites, everything works fine, but when I try to telnet across the tunnel, I just get a 220 **************************** instead of the SMTP banner.

I've seen a lot of posts about turning off smtp fixup on a PIX, but we're currently not inspecting SMTP on the ASA, though we ARE inspecting ESMTP.  Mail to the Internet through the ASA works without issue, and mail from the Internet to a pre-existing server behind the Sonicwall also works without issue, so it's definitely just a problem over this tunnel.


ajobrien5 Tue, 05/18/2010 - 10:19

So, it turns out the CLI on the ASA 5510 hides the fact that fixup really still does exist even though it tells you to use inspect. I ran a 'no fixup protocol smtp 25' just for grins, and wouldn't you know it... It took the command and fixed the problem. *sigh*

Jay Johnston (Cisco Employee) Tue, 09/07/2010 - 07:32

The command 'no fixup protocol smtp 25' executed in version > 7.0 should do the same as the 'no inspect esmtp' command; they both should simply disable the inspection.

The 'no fixup protocol smtp 25' command isn't really hidden, but it is there to help with configuration migrations from version 6.x to version 7 and 8.

If you see different results with 'no fixup protocol smtp 25' and 'no inspect esmtp', then you should open a TAC case for further investigation.
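A check for the symptom discussed in this thread, as an added example that is not part of any post: it reads the SMTP greeting and flags a 220 reply whose text is only asterisks, so the same test can be repeated from inside the site and across the tunnel. The function names (`read_reply`, `greeting_is_masked`, `probe`) and the host `mail.example.test` are assumptions made for illustration.

```python
import io
import re
import socket

ONLY_ASTERISKS = re.compile(r"^\*[* ]*$")

def read_reply(stream):
    """Read one SMTP reply, following "220-" continuation lines; return (code, texts)."""
    texts = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("connection closed before the reply ended")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        texts.append(line[4:])
        if line[3:4] != "-":  # "220-" continues; "220 " or a bare "220" ends the reply
            return int(line[:3]), texts

def greeting_is_masked(code, texts):
    """True when a 220 greeting carries nothing but asterisks, as in the thread."""
    return code == 220 and bool(texts) and all(ONLY_ASTERISKS.match(t) for t in texts)

def probe(host, port=25, timeout=10.0):
    """Connect, read only the greeting, send QUIT, and report what was seen."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rwb") as stream:
            code, texts = read_reply(stream)
            stream.write(b"QUIT\r\n")
            stream.flush()
    return {"host": host, "code": code, "greeting": texts,
            "masked": greeting_is_masked(code, texts)}

if __name__ == "__main__":
    # Constructed greetings: the first is the symptom quoted in the thread,
    # the second is a made-up multi-line banner from a hypothetical host.
    samples = {
        "across tunnel": b"220 ****************************\r\n",
        "inside site": b"220-mail.example.test ESMTP\r\n220 ready\r\n",
    }
    for label, wire in samples.items():
        code, texts = read_reply(io.BytesIO(wire))
        print(label, code, "masked" if greeting_is_masked(code, texts) else "clear")
```

Running `probe()` against the same server from both sides of the tunnel, before and after a change to the inspection configuration, shows whether a device in the path is still rewriting the greeting.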

