Yes - that range as well ---

Jason Meyer · ‎02-03-2014

Reading through the announcement located here:

https://supportforums.cisco.com/community/netpro/security/email

In my config I have a 204.15.81.x subnet configured for required TLS from a few years ago. Is 204.15.81.0/26 no longer used for CRES?

Jacqueline Fleming · ‎03-12-2014

That range is still used, but another range was added. Here are the current IP blocks used by CRES:

208.90.57.0/26
204.15.81.0/26

- Jackie

Jason Meyer · ‎03-24-2014

Thanks Jackie, how about 184.94.241.96-99?

Robert Sherwin · ‎03-24-2014

Yes - that range as well --- listed in the Jan 16th posting:

Cisco Registered Envelope Service uses the following IP address range to initiate SMTP –TLS sessions:

   Active ESAs for TLS delivery: 184.94.241.96 to 184.94.241.99
   Backup ESAs for TLS delivery: 208.90.57.32 to 208.90.57.35
   Reverse DNS name .res.cisco.com

Some customers may also restrict access to Cisco’s CRES Key Server res.cisco.com. The CRES Key Server res.cisco.com has two blocks of VIPs. Please add them to your network devices access rules where appropriate:
Active: 184.94.241.74 to 184.94.241.78 Port 443
Backup: 208.90.57.15 to 208.90.57.18 Port 443

What needs to be done on the ESA?

Add the above listed IP address range and hostname to your existing sender group being used for TLS (Incoming):

1. Login to Admin UI
2. Edit your TLS sender group (naming convention would vary) under Mail Policies > Host Access Table > HAT Overview
3. Add the following IP address range and hostname:
184.94.241.96-99 .res.cisco.com
208.90.57.32-35 .res.cisco.com
4. Submit and commit changes

-Robert

Cheers,
Robert Sherwin

Cisco Register Envelope Service failed over to the backup data center