I am hoping that someone here has experienced this issue and can shed some light on it for me! With that being said, let's get to the bottom of this. Our ASA 5510 has been in place for nearly two years, and we have never had any issue whatsoever with it. All along the ASA has been using the default policy. Lately, we have been getting email deferred in our Barracuda Spam Firewall. Google quickly reveals that ESMTP does not play nice with Barracuda, which I disabled even though we haven't had any issue with it before. However, the issue remains; we are still getting email deferred in the Barracuda.
While doing more troubleshooting on the ASA, I noticed that when issuing the command show local-host + IP of the Barracuda, there is an IP address on the outside of the interface that gets up to 96 UDP port 53 connections with the Barracuda, and this connection count never gets lower than 20! However, when checking the default setup for the Barracuda, I have the values below:
Incoming SMTP Timeout: 20
Message per SMTP Session : 8
Maximum SMTP Error SMTP Session: 2
Maximum Connection per Client 30m:40
My question is: if the ASA shows up to 96 DNS sessions with an outside host to my Barracuda, won't that push the Barracuda into the email deferred timeout? Should I change the Barracuda default settings? Or should I change the connection limits for the Barracuda in the ASA?
Any comments or suggestions will be more than appreciated.
In fact, yes, Barracuda is doing DNS for Exchange, and Barracuda had the wrong DNS server! The IP with too many outbound DNS queries is a typo of our legitimate DNS server. And last, Barracuda connection sessions were fewer than the open connection sessions seen in the firewall.
I have set the DNS IP to the proper DNS server and also increased the connection limit. It has been more than 12 hours, and I haven't seen any 'deferred' email yet! This connection limit may be the fix, I hope, but I am still monitoring.
It seems that the connection limits weren't the root of the issue, as I am still getting emails deferred/timeout. But at least now I only have the error for incoming connections, no more outbound! This morning, when analysing the log of the ASA, I found a connection to the Barracuda that only lasted one second (start time 08:29:17 and close time 08:29:18). The FW denied the connection as per below. My question here is: what does "no connection" from server mean? Did the server refuse the connection?
Dec 02 2011 08:29:18 106015 Server 25 77.X.X.X 3686 Deny TCP (no connection) from Server/25 to 77.X.X.X/3686 flags RST on interface inside
Dec 02 2011 08:29:18 302014 77.X.X.X 3686 Server 25 Teardown TCP connection 223100284 for Outside:77.X.X.X/3686 to inside:Server/25 duration 0:00:01 bytes 581 TCP FINs
Dec 02 2011 08:29:17 302013 77.X.X.X 3686 Server 25 Built inbound TCP connection 223100284 for Outside:77.X.X.X/3686 (77.X.X.X/3686) to inside:Server/25 (208.x.x.x/25)
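As an added example (not part of the original thread and not Cisco or Barracuda code), here is a small Python parser that reads the three ASA messages quoted above, joins them into one flow by their endpoint pair, and explains the 106015 line. ASA logs 106015 "Deny TCP (no connection)" when a non-SYN packet arrives for which it has no entry in its connection table. In the lines above the session 223100284 was built at 08:29:17, torn down one second later with "TCP FINs" (a normal close, 581 bytes exchanged), and then an RST from Server/25 arrived on the inside interface in the same second; with no table entry left, the firewall dropped that late RST. The sample input is the three log lines copied from the post; the classification strings and the ASDM-style column layout (timestamp, message id, source host/port, destination host/port, text) are assumptions of this example.

```python
import re
from datetime import datetime
from collections import defaultdict

# Sample ASA syslog lines copied from the post above (the author masked the public IPs).
SAMPLE_LOG = """\
Dec 02 2011 08:29:18 106015 Server 25 77.X.X.X 3686 Deny TCP (no connection) from Server/25 to 77.X.X.X/3686 flags RST on interface inside
Dec 02 2011 08:29:18 302014 77.X.X.X 3686 Server 25 Teardown TCP connection 223100284 for Outside:77.X.X.X/3686 to inside:Server/25 duration 0:00:01 bytes 581 TCP FINs
Dec 02 2011 08:29:17 302013 77.X.X.X 3686 Server 25 Built inbound TCP connection 223100284 for Outside:77.X.X.X/3686 (77.X.X.X/3686) to inside:Server/25 (208.x.x.x/25)
"""

# Assumed ASDM-style export layout: timestamp, message id, src host/port, dst host/port, text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<msgid>\d{6}) "
    r"(?P<src>\S+) (?P<sport>\d+) (?P<dst>\S+) (?P<dport>\d+) (?P<text>.*)$"
)
BUILT_RE = re.compile(r"Built (?:inbound|outbound) TCP connection (?P<cid>\d+)")
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<cid>\d+) .*duration (?P<dur>\d+:\d{2}:\d{2}) "
    r"bytes (?P<bytes>\d+) (?P<reason>.+)$"
)
DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from \S+ to \S+ flags (?P<flags>\S+) on interface (?P<ifc>\S+)"
)


def parse_line(line):
    """Split one ASA log line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %Y %H:%M:%S")
    return rec


def duration_seconds(text):
    """Convert an ASA 'H:MM:SS' duration string to seconds."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s


def flow_key(rec):
    """Direction-independent key so the server->client RST joins the client->server session."""
    return frozenset({(rec["src"], rec["sport"]), (rec["dst"], rec["dport"])})


def classify_deny(flow, deny):
    """106015 means the packet matched no state-table entry; say why that is likely."""
    if flow["teardown"] is not None and deny["ts"] >= flow["teardown"]:
        if "RST" in deny["flags"] and flow["close_reason"] == "TCP FINs":
            return ("late RST after graceful close: session already torn down by FINs, "
                    "the ASA dropped a stray packet; not a refusal by the server")
        return "packet arrived after teardown: stray, dropped by the firewall"
    if flow["built"] is None:
        return "no session ever built: check asymmetric routing or unsolicited traffic"
    return "packet for a session still open: unexpected, inspect further"


def analyze(log_text):
    """Group ASA 302013/302014/106015 messages per flow and explain each 'no connection' deny."""
    flows = defaultdict(lambda: {"conn_id": None, "built": None, "teardown": None,
                                 "duration_s": None, "bytes": None,
                                 "close_reason": None, "denies": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        f = flows[flow_key(rec)]
        if rec["msgid"] == "302013":
            m = BUILT_RE.search(rec["text"])
            f["conn_id"], f["built"] = m.group("cid"), rec["ts"]
        elif rec["msgid"] == "302014":
            m = TEARDOWN_RE.search(rec["text"])
            f["conn_id"], f["teardown"] = m.group("cid"), rec["ts"]
            f["duration_s"] = duration_seconds(m.group("dur"))
            f["bytes"] = int(m.group("bytes"))
            f["close_reason"] = m.group("reason")
        elif rec["msgid"] == "106015":
            m = DENY_RE.search(rec["text"])
            f["denies"].append({"ts": rec["ts"], "from": f"{rec['src']}/{rec['sport']}",
                                "flags": m.group("flags"), "interface": m.group("ifc")})
    # Classify only after every line is read, because the log is newest-first.
    for f in flows.values():
        f["verdicts"] = [classify_deny(f, d) for d in f["denies"]]
    return list(flows.values())


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"conn {f['conn_id']}: {f['duration_s']}s, {f['bytes']} bytes, closed by {f['close_reason']}")
        for v in f["verdicts"]:
            print("  106015:", v)
```

The verdict for the quoted lines is the "late RST after graceful close" case: the one-second SMTP session ended with FINs on both sides, so the deferred mail is better explained by what the SMTP conversation said in those 581 bytes (the Barracuda's own mail log for that connection) than by the firewall, which only discarded a packet that arrived after the session was gone.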