Cisco Support Community
SMTP and TLS with PIX

Running version 3.1(5) on FWSM

Is there a way to allow TLS with SMTP through the firewall without disabling SMTP stateful inspection globally?

1 REPLY

Re: SMTP and TLS with PIX

You can do this. You'll just need to define different classes of traffic (using access-list matches) and then inspect ESMTP on certain classes. For example:

! Port matches need a tcp ACL entry, not ip; only port 25 from the TLS hosts is exempted
access-list traffic-with-TLS permit tcp 192.168.1.0 255.255.255.0 any eq 25
! Exclude just that SMTP traffic from the default class so the rest of the subnet keeps inspection
access-list traffic-without-TLS deny tcp 192.168.1.0 255.255.255.0 any eq 25
access-list traffic-without-TLS permit ip any any

class-map inspection_without_smtp
 match access-list traffic-with-TLS

class-map inspection_default
 match default-inspection-traffic
 match access-list traffic-without-TLS

policy-map global_policy
 class inspection_without_smtp
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect sqlnet
  inspect skinny
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet

service-policy global_policy global

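Added check, not part of the reply above: once the exemption is in place, the quick way to confirm it from a client behind the FWSM is to open a session to the mail server, send EHLO and see whether STARTTLS is still advertised, since a flow that still hits inspect esmtp gets the extensions the engine does not permit masked with X's in the EHLO reply. The sample replies and the host name used here are constructed.

```python
import socket

# Constructed sample EHLO replies, one untouched and one as seen through ESMTP inspection.
EHLO_CLEAN = "250-mail.example.test Hello [10.1.1.5]\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_MASKED = "250-mail.example.test Hello [10.1.1.5]\r\n250-SIZE 10240000\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"

def parse_ehlo_reply(reply):
    """Return {EXTENSION: params} from a multi-line 250 reply.
    The first 250 line carries the server's domain, not an extension, so it is skipped."""
    lines = [l for l in reply.splitlines() if len(l) >= 4 and l.startswith("250") and l[3] in "- "]
    exts = {}
    for line in lines[1:]:
        name, _, params = line[4:].strip().partition(" ")
        if name:
            exts[name.upper()] = params
    return exts

def starttls_offered(reply):
    return "STARTTLS" in parse_ehlo_reply(reply)

def masked_extensions(reply):
    """Extension names made only of X's: the inspection engine's masking of commands it does not allow."""
    return [n for n in parse_ehlo_reply(reply) if set(n) == {"X"}]

def _read_reply(f):
    """Read one SMTP reply; the last line has a space (not '-') after the 3-digit code."""
    out = []
    while True:
        line = f.readline().decode("ascii", "replace")
        if not line:
            raise ConnectionError("connection closed before reply completed")
        out.append(line)
        if len(line) >= 4 and line[3] == " ":
            return "".join(out)

def probe(host, port=25, helo_name="probe.example.test", timeout=10):
    """Live check from a client behind the firewall: returns the raw EHLO reply from the server."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        _read_reply(f)  # 220 greeting
        f.write(("EHLO %s\r\n" % helo_name).encode("ascii")); f.flush()
        reply = _read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
        return reply

if __name__ == "__main__":
    import sys
    r = probe(sys.argv[1])
    print("STARTTLS offered:", starttls_offered(r), "masked:", masked_extensions(r))
```

Run it against the mail server from a host in the exempted subnet and then from one outside it; the exempted host should see STARTTLS, the other should see it masked.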