02-03-2014 02:25 PM
Reading through the announcement located here:
https://supportforums.cisco.com/community/netpro/security/email
In my config I have a 204.15.81.x subnet configured for required TLS from a few years ago. Is 204.15.81.0/26 no longer used for CRES?
03-12-2014 04:28 PM
That range is still used, but another range was added. Here are the current IP blocks used by CRES:
208.90.57.0/26
204.15.81.0/26
- Jackie
03-24-2014 02:03 PM
Thanks Jackie, how about 184.94.241.96-99?
03-24-2014 05:47 PM
Yes - that range as well --- listed in the Jan 16th posting:
Cisco Registered Envelope Service uses the following IP address range to initiate SMTP-TLS sessions:
Active ESAs for TLS delivery: 184.94.241.96 to 184.94.241.99
Backup ESAs for TLS delivery: 208.90.57.32 to 208.90.57.35
Reverse DNS name .res.cisco.com
Some customers may also restrict access to Cisco’s CRES Key Server res.cisco.com. The CRES Key Server res.cisco.com has two blocks of VIPs. Please add them to your network devices access rules where appropriate:
Active: 184.94.241.74 to 184.94.241.78 Port 443
Backup: 208.90.57.15 to 208.90.57.18 Port 443
What needs to be done on the ESA?
Add the above listed IP address range and hostname to your existing sender group being used for TLS (Incoming):
1. Log in to Admin UI
2. Edit your TLS sender group (naming convention would vary) under Mail Policies > Host Access Table > HAT Overview
3. Add the following IP address range and hostname:
184.94.241.96-99 .res.cisco.com
208.90.57.32-35 .res.cisco.com
4. Submit and commit changes
-Robert
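An added example, not part of the thread and not Cisco tooling: a short Python audit that expands the CRES ranges quoted above (CIDR blocks and last-octet ranges such as 184.94.241.96-99) and reports which addresses a sender group's IP entries leave uncovered. The function names are hypothetical and the sender-group contents are constructed sample data.

```python
import ipaddress

# CRES TLS-delivery ranges as quoted in the thread above.
CRES_TLS_RANGES = ["208.90.57.0/26", "204.15.81.0/26",
                   "184.94.241.96-99", "208.90.57.32-35"]

def expand(entry):
    """Expand a CIDR block, a last-octet range (a.b.c.d-e) or a single
    address into the set of IPv4 addresses it covers."""
    if "/" in entry:
        return set(ipaddress.ip_network(entry, strict=True))
    if "-" in entry:
        start, end = entry.split("-", 1)
        first = int(ipaddress.IPv4Address(start))
        last = (first & 0xFFFFFF00) | int(end)
        if not 0 <= int(end) <= 255 or last < first:
            raise ValueError(f"bad range: {entry}")
        return {ipaddress.IPv4Address(i) for i in range(first, last + 1)}
    return {ipaddress.IPv4Address(entry)}

def missing_coverage(required, sender_group):
    """Return {required entry: [addresses not covered]} for a sender group.
    Hostname entries such as .res.cisco.com match on reverse DNS, not on
    address, so they are skipped here."""
    covered = set()
    for entry in sender_group:
        if not entry.startswith("."):
            covered |= expand(entry)
    gaps = {}
    for entry in required:
        missing = sorted(expand(entry) - covered)
        if missing:
            gaps[entry] = [str(addr) for addr in missing]
    return gaps

if __name__ == "__main__":
    # Constructed sample: a sender group that still holds only the older blocks.
    old_group = ["204.15.81.0/26", "208.90.57.0/26", ".res.cisco.com"]
    for entry, addrs in missing_coverage(CRES_TLS_RANGES, old_group).items():
        print(f"{entry}: not covered -> {', '.join(addrs)}")
```

With the sample group, only 184.94.241.96-99 is reported, because 208.90.57.32-35 already falls inside 208.90.57.0/26.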