Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Register Envelope Service failed over to the backup data center

Reading through the announcement located here:

https://supportforums.cisco.com/community/netpro/security/email

In my config I have a 204.15.81.x subnet configured for required TLS from a few years ago.  Is 204.15.81.0/26 no longer used for CRES?

3 REPLIES
Cisco Employee

That range is still used, but

That range is still used, but another range was added.  Here are the current IP blocks used by CRES:

208.90.57.0/26
204.15.81.0/26

 

- Jackie

New Member

Thanks Jackie, how about 184

Thanks Jackie, how about 184.94.241.96-99?

Cisco Employee

Yes - that range as well ---

Yes - that range as well --- listed in the Jan 16th posting:

Cisco Registered Envelope Service uses the following IP address range to initiate SMTP –TLS sessions:

    Active ESAs for TLS delivery: 184.94.241.96 to 184.94.241.99
    Backup ESAs for TLS delivery: 208.90.57.32 to 208.90.57.35
    Reverse DNS name .res.cisco.com

Some customers may also restrict access to Cisco’s CRES Key Server res.cisco.com.  The CRES Key Server res.cisco.com has two blocks of VIPs.  Please add them to your network devices access rules where appropriate:
    Active: 184.94.241.74 to 184.94.241.78 Port 443
    Backup: 208.90.57.15 to 208.90.57.18 Port 443

What needs to be done on the ESA?

Add the above listed IP address range and hostname to your existing sender group being used for TLS (Incoming):

1. Login to Admin UI
2. Edit your TLS sender group (naming convention would vary) under Mail Policies > Host Access Table > HAT Overview
3. Add the following IP address range and hostname:
     184.94.241.96-99 .res.cisco.com
     208.90.57.32-35 .res.cisco.com
4. Submit and commit changes

 

-Robert

268
Views
0
Helpful
3
Replies
CreatePlease login to create content