TLS issue with ASA 5505

Answered Question
Aug 18th, 2010

We now need to use TLS in Outlook 2010 for email - according to the provider we only need port 995 open. Have that open to all systems, but we get "The computer does not support the encryption type" error. Move the system outside the firewall and it works perfectly. Any idea what needs to be allowed through to support TLS encryption? Thanks!

Correct Answer
praprama Wed, 08/18/2010 - 17:17

Hi,

Please look at the below link for more details on this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008067cf3b.shtml#esmtp

If you are running a version older than 8.0(3) on the ASA, you will need to disable esmtp inspection if you have it. If you are running 8.0(3) or later, you will have to create a Layer 7 classmap/policy-map and specify an action of "allow-tls" as given in the below link.

If you do not have inspection for esmtp configured, we will need to get captures in both the situations and compare those. Hope this helps.

All the best!!

Regards,

Prapanch
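
The two cases described in the answer above, written out as ASA CLI. This is an added example, not part of the original post or the linked Cisco document; `TLS_ESMTP` is a placeholder name, and `global_policy` / `inspection_default` are assumed to be the default policy-map and class on the device.

```text
! Constructed ASA configuration sketch (entered in global configuration mode).
! TLS_ESMTP is a placeholder; global_policy and inspection_default are assumed defaults.

! --- ASA older than 8.0(3): remove ESMTP inspection ---
policy-map global_policy
 class inspection_default
  no inspect esmtp

! --- ASA 8.0(3) or later: keep inspection, but let TLS negotiation through ---
policy-map type inspect esmtp TLS_ESMTP
 parameters
  allow-tls action log
policy-map global_policy
 class inspection_default
  no inspect esmtp
  inspect esmtp TLS_ESMTP

! --- Check what is applied (privileged EXEC) ---
show running-config policy-map
show service-policy inspect esmtp
```

Once a session switches to TLS the ASA can no longer inspect the SMTP commands inside it; `action log` records when that happens.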

jdrose_2 Thu, 08/19/2010 - 14:37

Hi Prapanch,

That worked perfectly - it was the esmtp inspection. Thanks for your help!
