Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1959
Views
0
Helpful
3
Replies

Disable esmtp Inspection for Specific Host

cer43tcent
Level 1
Level 1

‎06-05-2014 03:36 PM - edited ‎03-11-2019 09:18 PM

Hello.  Is it possible to disable esmtp inspection for a specific INSIDE host with use of a policy-map?  If so, could you provide an example configuration.
 

Labels:
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎06-06-2014 05:08 AM

Yes it is possible.  You could do something like the following:

access-list ESMTP deny ip host 1.1.1.10 any
access-list ESMTP permit ip 1.1.1.0 255.255.255.0 any

class-map CMAP
match access-list ESMTP

policy-map PMAP
class CMAP
inspect esmtp

service-policy PMAP interface inside

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

marcosespinatrigo
Level 1
Level 1
In response to Marius Gunnerud

‎08-10-2015 01:41 AM

Hi! 

In this case, besides those commands wouldn´t be necessary to disable default esmtp inspection from the by-default global-policy as well?? Like this:

policy-map global_policy
class inspection_default
no inspect esmtp

 

thanks in advance

0 Helpful

Marius Gunnerud
VIP
VIP
In response to marcosespinatrigo

‎08-21-2015 02:01 AM

You can disable default esmtp inspection like that, but cer43tcent wants to disable it for a single or specific internal addresses.  So for that you would need to define the addresses to be excluded and then define all the other addresses that are to be inspected.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card