08-30-2013 10:15 PM - edited 03-11-2019 07:32 PM
Dear all,
Now I have a problem with email (Exchange server): I can send email out (inside to outside) but I cannot receive email from outside.
How can I check whether the ASA is blocking email?
Which command is for SMTP email?
Best Regards,
Rechard
08-30-2013 10:23 PM
Hi,
Do you either have a Static NAT or Static PAT (Port Forward) configuration for the server so it can be reached from the public network with the destination port TCP/25 (SMTP)?
If you do have NAT configuration in place, have you allowed the traffic in the ACL that is connected to the "outside" interface?
If you want to test the ASA configurations you can use the "packet-tracer". The format would be
packet-tracer input outside tcp
Naturally replace the with some random source IP and the
There is also a chance that the "inspect esmtp" configuration might cause problems. I know it did for some of our customers. You might want to try removing it for testing.
You can see if you have it configured with the command
show run policy-map
It should list all the Inspection and related configurations on the ASA.
- Jouni
08-30-2013 11:10 PM
Dear Jouni,
Could you check this for me?
What should my next step be?
This is the result that I got:
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in y.y.y.y 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside in interface outside
access-list outside extended permit tcp any host x.x.x.x eq smtp
Additional Information:
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside,outside) source static obj-in-smtp obj-out-smtp
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
08-30-2013 11:15 PM
Hi,
Did you use the public/NAT IP address in the destination of the "packet-tracer" command?
Because at the moment the output seems to indicate that you are using the real IP address of the server as the destination since the packet drops when checking the reverse direction.
- Jouni
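Added example, not part of the original thread: a small Python parser that reads "packet-tracer" output, finds the first phase with Result: DROP and, for a NAT rpf-check drop, repeats the suggestion from the reply above. The function names are hypothetical, the sample is shortened from the output posted earlier in this thread, and mapping the rpf-check drop to that hint is an assumption based on that reply.

```python
import re

# Shortened from the packet-tracer output posted in this thread (addresses masked as posted).
SAMPLE = """\
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside in interface outside
access-list outside extended permit tcp any host x.x.x.x eq smtp
Additional Information:
Phase: 7
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside,outside) source static obj-in-smtp obj-out-smtp
Additional Information:
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def _field(body, key):
    # Value after "Key:" on its own line; empty string when the field is blank.
    m = re.search(rf"^{key}:[ \t]*(.*)$", body, re.M)
    return m.group(1).strip() if m else ""

def parse_phases(text):
    """Return one dict per 'Phase: N' block: type, subtype, result, config lines."""
    phases = []
    blocks = re.findall(r"^Phase: (\d+)\n(.*?)(?=^Phase: |^Result:\s*$|\Z)", text, re.M | re.S)
    for num, body in blocks:
        cfg = re.search(r"^Config:[ \t]*\n(.*?)(?=^Additional Information:)", body, re.M | re.S)
        phases.append({"phase": int(num), "type": _field(body, "Type"),
                       "subtype": _field(body, "Subtype"), "result": _field(body, "Result"),
                       "config": cfg.group(1).strip().splitlines() if cfg else []})
    return phases

def diagnose(text):
    """Find the first dropping phase; attach the hint from the reply above (assumed mapping)."""
    drop = next((p for p in parse_phases(text) if p["result"] == "DROP"), None)
    reason = re.search(r"^Drop-reason:[ \t]*(.*)$", text, re.M)
    hint = None
    if drop and drop["type"] == "NAT" and drop["subtype"] == "rpf-check":
        hint = "retest with the public/NAT IP as destination, not the server's real IP"
    return {"drop": drop, "reason": reason.group(1) if reason else None, "hint": hint}
```

Calling diagnose(SAMPLE) reports phase 7 with the NAT rule that was being checked, so the rule to review is visible without reading every phase.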
09-01-2013 01:40 PM
Is this a new Exchange server setup? If so, it could be a misconfiguration on the Exchange server.
09-01-2013 08:02 PM
Dear all,
Thank you for your action!
I missed the NAT. Now it is solved.
Thanks for your help !
Best Regards,
Rechard.