SMTP logging filter in Cisco ASDM

Hi,

 

I have a Cisco 5510. I am using Symantec Message Labs cloud for filtering emails for SPAM. Once they are filtered, they are then sent to my ASA firewall. Apparently there are some emails after being filtered that are being forwarded to my firewall but I do not receive these emails. I would like to know how to see the incoming smtp traffic on port 25 to my firewall and furthermore is it possible to see why the smtp connection drops. Is it possible to configure/setup this through asdm as I am familiar with ASDM 8.2.

 

Any help on this please.

 

thanks.

 

2 REPLIES


Hello,

 

Well, it can definitely be done via ASDM, but I do not have one to show you step by step where to go, so CLI is our friend here.

 

Basically create a Capture

cap test interface name_if (where traffic arrives) match tcp host x.x.x.x host y.y.y.y eq 25

cap test_2 interface name_if (where traffic leaves to the server) match tcp host x.x.x.x host y.y.y.y eq 25

cap asp type asp-drop all circular-buffer

 

So after you build that up, generate a connection and afterwards check all of the captures:

show cap test

show cap test_2

show cap asp | include y.y.y.y

 

Of course x.x.x.x is the Symantec Mail Filter and y.y.y.y the SMTP server. (Note that if the traffic is received on an interface where there is NAT for the server, then use the public IP address on that interface.)

If you see a packet for the session on the ASP capture it means the FW is dropping the session.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
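
Added example, not part of the original reply: a Python script that correlates the pasted text of the three captures above (`show cap test`, `show cap test_2`, `show cap asp`) and labels each inbound SMTP attempt. It assumes the tcpdump-like line shape of ASA capture output and no source translation of the client; the function names are hypothetical and all addresses and packet lines are constructed samples.

```python
import re

# Assumed line shape of ASA "show capture" text output (tcpdump-like):
#   N: HH:MM:SS.usec [802.1Q vlan#N P0] SRC.SPORT > DST.DPORT: FLAGS ...
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(?:802\.1Q\s+vlan#\d+\s+P\d+\s+)?"
    r"(\d+(?:\.\d+){3})\.(\d+)\s+>\s+(\d+(?:\.\d+){3})\.(\d+):\s+(\S+)")

def clients(text, port=25, syn_only=False):
    """Return (client_ip, client_port) of packets sent toward the SMTP port."""
    found = set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(4)) != port:
            continue  # not a packet line, or server-to-client direction
        if syn_only and m.group(5) != "S":
            continue
        found.add((m.group(1), int(m.group(2))))
    return found

def classify(ingress, egress, asp, port=25):
    """Label each inbound attempt. Flows are keyed by the client side only,
    because the server address differs between captures when NAT applies."""
    left = clients(egress, port, syn_only=True)
    dropped = clients(asp, port)  # any packet of the flow in asp-drop counts
    verdict = {}
    for flow in sorted(clients(ingress, port, syn_only=True)):
        if flow in dropped:
            verdict[flow] = "dropped-by-asa"
        elif flow in left:
            verdict[flow] = "forwarded"
        else:
            verdict[flow] = "not-seen-leaving"
    return verdict

# Constructed samples: 203.0.113.10 = mail filter, 198.51.100.25 = public
# (NAT) address of the server, 192.168.10.25 = its real address.
INGRESS = """
   1: 09:15:01.100001 203.0.113.10.40001 > 198.51.100.25.25: S 1000:1000(0) win 8192 <mss 1460>
   2: 09:15:01.100950 198.51.100.25.25 > 203.0.113.10.40001: S 2000:2000(0) ack 1001 win 8192 <mss 1460>
   3: 09:15:07.200001 203.0.113.10.40002 > 198.51.100.25.25: S 3000:3000(0) win 8192 <mss 1460>
   4: 09:15:09.300001 203.0.113.10.40003 > 198.51.100.25.25: S 4000:4000(0) win 8192 <mss 1460>
"""
EGRESS = """
   1: 09:15:01.100400 203.0.113.10.40001 > 192.168.10.25.25: S 1000:1000(0) win 8192 <mss 1460>
"""
ASP = """
   1: 09:15:07.200050 203.0.113.10.40002 > 198.51.100.25.25: S 3000:3000(0) win 8192 <mss 1460>
"""

if __name__ == "__main__":
    for flow, verdict in classify(INGRESS, EGRESS, ASP).items():
        print(flow, verdict)
```

A flow labelled `not-seen-leaving` with no asp-drop entry usually means the egress capture filter does not match the translated addresses, so check the capture definitions before concluding anything about the firewall.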

Hi Julio,

 

I thank you very much for your answer. I used your answer to search the internet for packet capture through ASDM, and I found some helpful answers. 

I finally used the packet capture wizard from ASDM and saved the packet capture and then inspected the capture through Wireshark. 

Wireshark showed me that my ASA correctly accepted all the smtp packets and let in the email. It was dropped elsewhere in the network.

thanks,
