01-11-2012 07:17 AM - edited 03-11-2019 03:12 PM
I've got email logging for a few specific syslog messages working and sending to an email server on the inside network. However, the source IP ends up being the DMZ interface. Is there a way to force it to use the inside IP instead?
ASA Code Version 7.22
Inside Interface IP: 10.104.36.4 Mask:255.255.255.0
DMZ IP: 10.100.20.1 Mask:255.255.255.0
SMTP Server IP: 10.100.10.100
Logging commands in config:
logging enable
logging list email-alerts message 106100
logging mail email-alerts
logging from-address ASA@xyz.com
logging recipient-address tgw@xyz.com level debugging
Thank you.
01-14-2012 08:58 AM
Hi Terry,
The ASA will automatically select the source interface based on the routing table, which is not a configurable option. This is by design as the ASA will only allow communication to an interface from hosts behind that same interface. In other words, the server won't be able to reach the inside interface if it is behind the DMZ interface.
-Mike
01-16-2012 05:17 AM
I should have secified in my original post - the mail server is behind the inside interface not the DMZ.
01-16-2012 10:50 AM
Hello Terry,
So is the SMTP server on the inside??
Can you provide a show route from your asa?
Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide