Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM problem - dropping SMTP packets

Hi,

We have a FWSM module in 6513 core switch which acts as the gateway between Vlan's.

We have an exhange server in one VLAN and now we face a connectivity problem to this server on port 25 from other VLAN's. The port is open and no restrictions are there from Acces-lists.

When we do a telnet to the server on port 25, we are not able to see the banner which exchange server returns as response and no response from the command which we type in as well. Ex: helo, mail from: mailid@domain.com, etc.,

---Output---

220 ****************************************************************************

***********************************************

--end of output---

Where as it works perfectly within the VLAN where the server exists. and we get response to the command which we type in. Ex; helo, mil from: mailid@domain.com, etc.,

---Output---

220 servername.ourdomain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Tue, 2 Oct 2007 14:04:34 +0200

--End of Output---

I aint sure what exactly is blocking the return traffic? someone please advice on this. Thanks.

2 REPLIES
Cisco Employee

Re: FWSM problem - dropping SMTP packets

The asterisk'd banner is due to the SMTP inspection in the FWSM. Turn off "inspect smtp" or "fixup protocol smtp 25" depending on what version you're running (3.x or 2.x respectively), and see how you go.

Community Member

Re: FWSM problem - dropping SMTP packets

Hello Glenn,

Thanks for the reply. I tried that on the other day and was able to see the reply. But I have a question, the fixup command should be restricting only the packets which has the commands other then those which are not part of the standard commands right? Why does this block legitimate commands as well? Do reply if you have time. Once again thanks for taking time to reply to the earlier query.

1046
Views
4
Helpful
2
Replies
CreatePlease to create content