Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Firewall sending emails to Ironport Internal

Hello I have a question about ASA firewall and Ironport devices.

 

What I have found lately it that ironport is showing that firewall we have here is sending over 1000 emails in a hour which is causing ironport to stop all email traffic inside and outside.  How do I find out what is causing this issue. 

IP Addresses 

My Reports

 

  

 

Sender IP Address

Hostname

Total Attempted

Stopped by Reputation Filtering  

Stopped as Invalid Recipients

Spam Detected

Virus Detected

Stopped by Content Filter

Total Threat

Clean

172.16.x.x

xxx.xxx.xxx

2,753

1,047

530

623

43

0

2,243

510

 

I have pasted a what i saw today 
I know that .local is internal communication 

Everyone's tags (1)
2 REPLIES

Hello, So you see the IP

Hello,

 

So you see the IP address of the firewall as the source of the email traffic?

 

This is a huge amount of emails so I doubt this is because of a feature such as smart-call home that allows your ASA to send traffic as an example.

 

I would think about NAT taking place and then the packet being shown as your firewall IP address before going to the IronPort box.

 

My recommendation is do captures on the interface where the Email Clients are and the interface where the IronPort sits.

 

Does it makes sense?

 

Regards,

Jcarvaja

CCIE 42930, 2xCCNP, JNCIS-SEC

For inmediate support http://iNetworks.cr

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

 Well this makes a little

 

Well this makes a little sense to me. 

I have a nat (Outside,Inside) 1 source dynamic any interface destination static nat rule in place. reason for this is the default route for my 6513 goes to a different firewall i am decomming.

What should I be looking for in the captures and are you talking about wireshark or capture ironport interface inside match tcp ......

 

Thank you for the helping me 

 

74
Views
0
Helpful
2
Replies