ASA Email Logging Source Interface

terrygwazdosky · ‎01-11-2012

I've got email logging for a few specific syslog messages working and sending to an email server on the inside network. However, the source IP ends up being the DMZ interface. Is there a way to force it to use the inside IP instead?

ASA Code Version 7.22

Inside Interface IP: 10.104.36.4 Mask:255.255.255.0

DMZ IP: 10.100.20.1 Mask:255.255.255.0

SMTP Server IP: 10.100.10.100

Logging commands in config:

logging enable

logging list email-alerts message 106100

logging mail email-alerts

logging from-address ASA@xyz.com

logging recipient-address tgw@xyz.com level debugging

Thank you.

mirober2 · ‎01-14-2012

Hi Terry,

The ASA will automatically select the source interface based on the routing table, which is not a configurable option. This is by design as the ASA will only allow communication to an interface from hosts behind that same interface. In other words, the server won't be able to reach the inside interface if it is behind the DMZ interface.

-Mike

terrygwazdosky · ‎01-16-2012

I should have secified in my original post - the mail server is behind the inside interface not the DMZ.

Julio Carvajal · ‎01-16-2012

Hello Terry,

So is the SMTP server on the inside??

Can you provide a show route from your asa?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC