Hi, I have a new 5510 on which I have enabled the SMTP service, but when I try to telnet to the firewall on port 25 the display is just garbled characters and it won't allow the connection to my server. What could I be missing in the config?
Sorry! I guess that would help, Duh!
ASA Version 7.0(6)
enable password xxx
name 192.168.7.201 server3 description Mail Server
ip address 69.15.x.x.255.255.248
ip address 192.168.7.253 255.255.255.0
no ip address
ip address 192.168.1.1 255.255.255.0
ftp mode passive
access-list External_access_in extended permit tcp interface External eq smtp host server3 eq smtp
pager lines 24
logging buffer-size 9000
logging asdm-buffer-size 512
logging asdm informational
mtu External 1500
mtu Internal 1500
mtu management 1500
asdm image disk0:/asdm506.bin
asdm history enable
arp timeout 14400
global (External) 100 188.8.131.52-184.108.40.206 netmask 255.255.255.248
global (Internal) 500 192.168.7.51-192.168.7.99 netmask 255.255.255.0
nat (Internal) 100 192.168.7.0 255.255.255.0
nat (management) 0 0.0.0.0 0.0.0.0
access-group External_access_in in interface External
route External 0.0.0.0 0.0.0.0 220.127.116.11 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.7.0 255.255.255.0 Internal
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.7.0 255.255.255.0 Internal
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
inspect dns maximum-length 512
inspect h323 h225
inspect h323 ras
service-policy global_policy global
I'm guessing you have an Exchange server behind the ASA/PIX. In my experience they don't like Cisco's SMTP fixup very much.
In global configuration mode, execute the following:
no inspect esmtp
I don't think your access-list entry is correct. You specified a source port of 25 and an incorrect source host. And you have no static for your server.
no access-list External_access_in extended permit tcp interface External eq smtp host server3 eq smtp
access-list External_access_in extended permit tcp any host 18.104.22.168 eq smtp
static (Internal,External) tcp interface 25 192.168.7.201 25 netmask 255.255.255.255
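An added example, not written by anyone in this thread and not Cisco code: a small Python audit for the three problems the reply above names in the posted config (a source-port restriction, the firewall interface as source, and no static for the port). The function `audit_inbound` and its finding names are hypothetical, the two samples are constructed from config lines quoted in the thread, and only fully expanded `access-list` and `static` lines are parsed.

```python
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}

# Constructed samples built from the lines quoted in this thread.
BEFORE = """\
access-list External_access_in extended permit tcp interface External eq smtp host server3 eq smtp
"""
AFTER = """\
access-list External_access_in extended permit tcp any host 18.104.22.168 eq smtp
static (Internal,External) tcp interface 25 192.168.7.201 25 netmask 255.255.255.255
"""

def _addr(tok):
    """Pop one address spec: any | host X | interface IF | ADDR MASK."""
    head = tok.pop(0)
    return (head,) if head == "any" else (head, tok.pop(0))

def _port(tok):
    """Pop an optional port spec; None means the ACE matches any port."""
    if not tok or tok[0] not in PORT_OPS:
        return None
    op = tok.pop(0)
    return (op, *[tok.pop(0) for _ in range(2 if op == "range" else 1)])

def audit_inbound(config, port=("smtp", "25")):
    """Return sorted finding names for forwarding `port` to an inside host."""
    findings, has_static = set(), False
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["static"] and "tcp" in tok:
            # static (real_if,mapped_if) tcp MAPPED MAPPED_PORT REAL REAL_PORT ...
            i = tok.index("tcp")
            has_static |= len(tok) > i + 4 and tok[i + 2] in port
        elif tok[:1] == ["access-list"] and "permit" in tok and "tcp" in tok:
            rest = tok[tok.index("tcp") + 1:]
            try:
                src, sport, dst, dport = _addr(rest), _port(rest), _addr(rest), _port(rest)
            except IndexError:
                continue  # truncated ACE, nothing to judge
            if not dport or dport[0] != "eq" or dport[1] not in port:
                continue
            if sport is not None:  # clients connect from ephemeral ports, not 25
                findings.add("acl-restricts-source-port")
            if src[0] == "interface":  # source is the firewall itself, not the Internet
                findings.add("acl-source-is-firewall-interface")
    if not has_static:
        findings.add("no-static-for-port")
    return sorted(findings)
```

`audit_inbound(BEFORE)` reports all three findings and `audit_inbound(AFTER)` reports none; a `static` line that stops after the mapped port is treated as incomplete and does not count.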
This did not work either. I get the same response. I saw this problem once before about 5 or 6 years ago and I think it had something to do with a protocol not being enabled but I can't remember....
Are you sure you have the static in the configuration now?
Let's say you want to use the interface IP address as the public IP which corresponds to the mail server.
You need to have these two commands in the configuration:
static (inside,outside) tcp interface 25
access-l External_access_in permit tcp any interface outside eq 25
After putting in these two commands, put in:
cl xlate local
Try after that. It should work.
Thanks to all who contributed to my question. I just found out that my ISP had another route set up on my connection instead of bridging it. Now, I have to start from the beginning because I may have had it configured right at first.