I have a fingerprint scanner that emails the record to a central processing facility. The traffic goes out of my workstation, through a Cisco 1800, then through the ASA. The receiver reports that the received traffic is all "XXXXXX".
I've narrowed it down to smtp inspection per: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113423-asa-esmtp-smtp-inspection.html
I don't have inspection enabled. Do I need to enable it? Please help!
Current configuration : 3329 bytes
!
version 12.4
!
!
ip ssh version 2
!
!
interface FastEthernet0/0
 ip address x.x.40.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address x.x.37.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 switchport mode trunk
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 ip address x.x.11.1 255.255.255.0
!
interface Vlan172
 ip address x.x.16.1 255.255.255.0
 ip access-group 100 in
!
ip route 0.0.0.0 0.0.0.0 x.x.40.4
ip route 18.104.22.168 255.255.0.0 x.x.37.4
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 100 deny ip x.x.16.0 0.0.0.255 x.x.11.0 0.0.0.255
access-list 100 deny ip x.x.16.0 0.0.0.255 x.x.37.0 0.0.0.255
access-list 100 remark Deny Guest VLAN to private VLANs
access-list 100 deny ip x.x.16.0 0.0.0.255 22.214.171.124 0.0.255.255
access-list 100 permit ip x.x.16.0 0.0.0.255 any
snmp-server community xxxxxx RO
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 password Wind123!!
 login local
 transport input ssh
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
Just to make sure you are aware. If you enable "inspect ESMTP" then TLS will not work for the ESA. Inspect ESMTP on ASA does not allow the STARTTLS command without additional configuration; therefore any incoming email will never be able to establish a TLS session to the Email Security Appliance. Best practice is to disable inspect SMTP/ESMTP on ASA and let the ESA handle TLS communications.
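A way to check for the symptom discussed in this thread, as an added example that is not part of the original posts: it scans SMTP server replies logged on the client side for a masked banner and X-filled EHLO keywords, and reports whether STARTTLS was offered. The function name, the sample transcripts and the exact masking pattern are constructed assumptions.

```python
import re

# Constructed server replies as a client would log them. The masking pattern
# (asterisk banner, X-filled keywords) is an assumption for illustration.
SAMPLE_MASKED = """\
220 ****************************************
250-mail.example.test Hello
250-SIZE 10485760
250-XXXXXXXA
250-8BITMIME
250 XXXXXXXB
"""
SAMPLE_CLEAN = """\
220 mail.example.test ESMTP ready
250-mail.example.test Hello
250-SIZE 10485760
250-STARTTLS
250 8BITMIME
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
MASKED_KEYWORD = re.compile(r"^X{4,}[A-Z]?$")

def analyze_smtp_replies(transcript):
    """Flag signs that a device in the path rewrote the SMTP dialogue."""
    result = {"banner_masked": False, "masked_keywords": [],
              "starttls_offered": False}
    banner_seen = greeting_seen = False
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue
        code, _, text = m.groups()
        if code == "220" and not banner_seen:
            banner_seen = True
            body = text.replace(" ", "")
            # A banner that is almost entirely asterisks has been masked.
            result["banner_masked"] = bool(body) and body.count("*") >= 0.8 * len(body)
        elif code == "250" and not greeting_seen:
            greeting_seen = True  # first 250 line is the greeting, not a keyword
        elif code == "250":
            keyword = (text.split() or [""])[0].upper()
            if keyword == "STARTTLS":
                result["starttls_offered"] = True
            elif MASKED_KEYWORD.match(keyword):
                result["masked_keywords"].append(keyword)
    result["inspection_suspected"] = (
        result["banner_masked"] or bool(result["masked_keywords"]))
    return result
```

Running it against a transcript taken on each side of the firewall shows which hop the rewriting happens at.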