Community Member

ASA 5505 SMTP problem

Hi, I have recently purchased an ASA 5505 v7.2(2), and have been unable to send SMTP through it. The effect of the problem seems similar to other postings I've read, where disabling fixup/inspect esmtp resolves the problem. I've done this, but to no avail. When sending mail (using NAT) the ASA appears to hijack the session, and firstly block the SMTP banner, before issuing 'quit'.

e.g.

Fri 2007-07-27 10:44:24: Waiting for protocol to start...

Fri 2007-07-27 10:44:24: <-- 220-*********************************************************************

Fri 2007-07-27 10:44:24: <-- *****************************************************************

Fri 2007-07-27 10:44:24: --> QUIT

If I telnet to port 25 through the ASA and issue the SMTP commands myself, it seems to work fine even though the banner is blanked out by stars (so I'm not sure if this points to the problem being something else). However, I do occasionally get 'I don't understand that?' answers from our SMTP server when I know I've issued the correct command.

I have raised this with the re-seller, however they have advised that it is a hardware problem, and that we should replace the ASA. I don't believe that this is the case. Has anybody experienced similar problems, or is able to offer any advice?

Many thanks.

Richard
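
A check for the symptom in the log above, as an added example that is not part of the original post: it parses a mail client log in the format shown and reports whether the server greeting arrives overwritten with asterisks, whether it lacks a terminating `220 ` line, and whether the client's first command is QUIT. The function names, the 80% masking threshold and the second sample session are assumptions made for the illustration.

```python
import re

# Log line shape taken from the post: "Fri 2007-07-27 10:44:24: <-- payload"
LINE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: (<--|-->) ?(.*)$")
MASK_RATIO = 0.8  # assumption: >= 80% asterisks means the text was overwritten

def parse(log_text):
    """Return [(direction, payload)] for each SMTP line; other lines are skipped."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append(("server" if m.group(1) == "<--" else "client", m.group(2)))
    return events

def is_masked(payload):
    """True when the text after any reply code is almost entirely asterisks."""
    text = re.sub(r"^\d{3}[ -]?", "", payload).strip()
    return bool(text) and text.count("*") / len(text) >= MASK_RATIO

def diagnose(log_text):
    """Return the set of findings for one logged session."""
    events = parse(log_text)
    # The greeting is every server line sent before the client's first command.
    greeting = []
    for direction, payload in events:
        if direction == "client":
            break
        greeting.append(payload)
    commands = [p for d, p in events if d == "client"]
    findings = set()
    if any(is_masked(p) for p in greeting):
        findings.add("banner_masked")
    # RFC 5321: a multi-line reply ends with "<code><space>", not "<code>-".
    if greeting and not any(re.match(r"^220( |$)", p) for p in greeting):
        findings.add("greeting_not_terminated")
    if commands and commands[0].strip().upper() == "QUIT":
        findings.add("client_quit_first")
    return findings

# Constructed samples: the first mirrors the log in the post (asterisk runs
# shortened), the second is an unmodified session with a made-up hostname.
MASKED = """Fri 2007-07-27 10:44:24: Waiting for protocol to start...
Fri 2007-07-27 10:44:24: <-- 220-**************************
Fri 2007-07-27 10:44:24: <-- **************************
Fri 2007-07-27 10:44:24: --> QUIT"""
CLEAN = """Fri 2007-07-27 10:50:01: <-- 220 mail.example.test ESMTP ready
Fri 2007-07-27 10:50:01: --> EHLO client.example.test"""
```

A session logged after an inspection change that still returns `banner_masked` shows the greeting is still being rewritten somewhere on the path between client and server.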

7 REPLIES

Re: ASA 5505 SMTP problem

We have the same version running but do not have any issues.

Does your PAT server IP have a reverse lookup DNS record?

Community Member

Re: ASA 5505 SMTP problem

Hi, Thanks for the reply.

Yes, I'm PAT'ing

Outside/25 (194.221.215.98) -- 172.20.254.1/25

I'm using addresses within virtualsupplychain.com. There is a reverse pointer on 194.221.21.98 pointing to this domain.

Community Member

Re: ASA 5505 SMTP problem

Hi Richard,

You can use the following command:

no fixup protocol smtp 25

If this does not work you can try it with the ASDM -> Configuration -> Security policy -> Security policy rule -> edit the Global, Policy. Rule actions -> clear ESMTP.

That should do it.

Community Member

Re: ASA 5505 SMTP problem

Hi,

I've used:

no fixup protocol smtp 25

and

no inspect protocol smtp 25

but this doesn't seem to have affected the problem. I'm going to post a show config in this thread, which might be of interest.

Thanks for your help

Richard

Community Member

Re: ASA 5505 SMTP problem

1. Can you post your configuration of the ASA on here?

2. Can you try to telnet to your Mail server from the outside and post your responses?

Make sure you protect your passwords and other critical information.

Community Member

Re: ASA 5505 SMTP problem

Hi Bob,

Thanks for the reply. I've attached a show config as well as a test smtp session. These sometimes work fine, and sometimes connectivity appears to be lost as in the case attached.

The last response logged on the mail server was 'sender ok'. The mail server appears to have not received the rest of the session data.

Thanks,

Richard

Re: ASA 5505 SMTP problem

Is the problem affecting both inbound and outbound traffic?

To me it looks like some kind of hardware problem. You can check the logfile on the ASA and interface error counters for clues. Verify host and ASA switchport configurations and statistics.
