Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Issue with ESMTP Inspect on ASA and Sophos appliance

Anyone ever experienced an issue where your Sophos appliance that sits behind the ASA firewall cannot make a TLS connection outbound due to the ESMTP inspect option?

I don't want to disable it entirely. Is there a way to create a policy map to disable ESMTP inspection for just the Sophos appliances?

1 REPLY
Silver

Re: Issue with ESMTP Inspect on ASA and Sophos appliance

If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp

pix(config-pmap-c)#exit

pix(config-pmap)#exit

375
Views
0
Helpful
1
Replies