Cisco Support Community

publishing SMTP on cisco ASA

Hello Everyone

I am having issues publishing SMTP via our ASA 5525.

I feel like I have everything correct, but it is not working.  Note that we only allow SMTP outbound and inbound from a particular set of IPs.   Is there something different I need to do when publishing SMTP?

Here is what I am doing.


object-group service obj_mail_services
description This is group is for standard mail protocols
service-object tcp destination eq smtp
service-object tcp destination eq smtps
service-object tcp destination eq pop

object network obj_mail_10.2.4.70
nat (inside,outside) static 64.47.x.x

object-group network obj_Mimecast_pub
description This group lists all subnets associated with Mimecast data centers
network-object 207.211.x.0 255.255.255.0
network-object 207.211.x.0 255.255.255.0
network-object 205.139.x.0 255.255.255.0
network-object 205.139.x.0 255.255.255.0

access-list public_access extended permit object-group obj_mail_services object-group obj_Mimecast_pub object-group  obj_mail_10.2.4.70

Also note that there is another ACL on the inside interface that is restricting all outbound traffic.  SMTP is allowed to the above external hosts using the same object group.

Thanks


publishing SMTP on cisco ASA

Hello Jason,

The configuration looks good.

Can you do the following

packet-tracer input outside tcp 205.139.x.x 1025 64.47.x.x 25

and provide us the output

Also do

capture capin interface inside match tcp any host 10.2.4.70 eq 25

cap capout interface outside match tcp any host 64.47.x.x eq 25

Afterwards try to connect to the server and share

show cap capin

show cap capout

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
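Reading the `packet-tracer` output requested above mostly comes down to finding the first phase whose result is DROP and the drop reason in the final `Result:` block. The following Python is an added example, not part of the original thread; the sample output is constructed (it reuses the thread's masked addresses and object name) and the function names are hypothetical.

```python
import re
# Constructed packet-tracer output for illustration; not captured from the poster's ASA.
SAMPLE = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network obj_mail_10.2.4.70
 nat (inside,outside) static 64.47.x.x
Additional Information:
Untranslate 64.47.x.x/25 to 10.2.4.70/25

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: outside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Return (phases, summary): one dict per phase plus the final Result block."""
    phases, summary = [], {}
    for block in re.split(r"\n\s*\n", text.strip()):
        # "Key: value" lines only; Config body lines have no leading "Key:" and are skipped.
        fields = dict(re.findall(r"^([A-Za-z-]+):[ \t]*(.*)$", block, re.M))
        if "Phase" in fields:
            phases.append({"phase": int(fields["Phase"]), "type": fields["Type"],
                           "subtype": fields.get("Subtype", ""), "result": fields["Result"]})
        elif "Action" in fields:
            summary = {"action": fields["Action"], "reason": fields.get("Drop-reason", ""),
                       "in": fields.get("input-interface"), "out": fields.get("output-interface")}
    return phases, summary

def first_drop(phases):
    """First phase whose Result is DROP, or None if every phase allowed the packet."""
    return next((p for p in phases if p["result"].upper() == "DROP"), None)

if __name__ == "__main__":
    phases, summary = parse_packet_tracer(SAMPLE)
    print(first_drop(phases), summary)
```

In the constructed sample the packet is untranslated to 10.2.4.70 and then dropped at the ACCESS-LIST phase, which points at the outside ACL rather than at NAT or inspection.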

publishing SMTP on cisco ASA

Thanks for the quick response.

I am migrating rules from a different firewall and need to schedule another window.  I will do as instructed and post.

Is there any inspection that I need to disable for SMTP?  It felt like something else was wrong.  All the other rules that I migrated worked.

publishing SMTP on cisco ASA

Nope.

I mean, there is an ESMTP inspection in place, but as long as this is valid traffic you should not have any issues. We will determine that with the captures, no worries.

Remember to subscribe on my website for more networking posts related to Networking at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura
