I am having trouble getting SMTP traffic to pass through my ASA and into the Linux machine hosting my E-Mail. When I try to telnet in on port 25 it just times out. I am routing multiple other protocols into other machines without a problem, but for some reason SMTP does not make it.
To make things even more confusing, I put a firewall rule at the top of my list that said to log and allow ANY traffic coming to this IP. And when I FTP in and such I can see the logged traffic. When I send in SMTP traffic I get nothing, no logs or anything.
The only thing I can think of is that possibly the CSC module has a traffic inspection rule in place and is grabbing the traffic before it gets handed down to be processed by the built-in rules. Anyone have an idea on this?
You're probably running into the same thing I hit a while back. According to TAC, the following are the concurrent connection limits on the CSC:
CSC-10: 250 HTTP, 50 FTP, 15 SMTP
CSC-20: 500 HTTP, 100 FTP, 25 SMTP
So once the SMTP process on the CSC hits 15/25 concurrent SMTP connections (csc-10/20), and once it has filled its additional queue, it just starts ignoring additional connection requests. This results in massively flaky inbound (and outbound, if you're using it) SMTP service. In my case it also resulted in the blacklisting of a customer's mail server IP due to all the undeliverables being returned to external senders. As you can imagine, it doesn't take much mail at all to hit 15 concurrent connections, especially if you're using the CSC to its fullest potential and doing pretty deep scans on SMTP connections.
Also note that any concurrent FTP, HTTP, and POP3 connections will subtract from the SMTP limit as well, as this is apparently a hardware horsepower limitation and not a licensing issue.
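One way to check whether mail load is reaching the limits quoted in the reply above, as an added example that is not part of the original thread: it replays connection build and teardown messages and reports the peak number of simultaneously open SMTP sessions. The log layout (ASA 302013/302014 messages with a leading timestamp) is an assumption, and the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Concurrent SMTP limits quoted in the reply above.
CSC_SMTP_LIMIT = {"CSC-10": 15, "CSC-20": 25}

# Assumed layout: timestamp, then a 302013 (Built) or 302014 (Teardown) message.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d).*%ASA-6-(?P<msg>302013|302014): "
    r"(?:Built inbound|Teardown) TCP connection (?P<id>\d+) for .*? to "
    r"\S+?:[\d.]+/(?P<dport>\d+)"
)

def peak_concurrency(lines, port=25):
    """Return (peak, timestamp of peak) of simultaneously open connections to port."""
    open_ids, peak, peak_ts = set(), 0, None
    for line in lines:
        m = LINE.match(line)
        if not m or int(m["dport"]) != port:
            continue  # other messages and other ports are skipped
        if m["msg"] == "302013":
            open_ids.add(m["id"])
            if len(open_ids) > peak:
                peak, peak_ts = len(open_ids), m["ts"]
        else:
            open_ids.discard(m["id"])  # a teardown for an unseen id is harmless
    return peak, peak_ts

def headroom(peak, model):
    """Connections left before the quoted limit; zero or negative means it was reached.
    Per the reply, other protocols share the budget, so this is optimistic."""
    return CSC_SMTP_LIMIT[model] - peak

def sample_log():
    """Constructed sample: 16 overlapping SMTP sessions and one HTTP session."""
    dst, out = "inside:192.0.2.25", []
    for i in range(16):
        src = f"outside:198.51.100.{i + 1}/{40000 + i}"
        out.append(f"Jan 10 2024 10:00:{i:02d} fw %ASA-6-302013: Built inbound TCP "
                   f"connection {100 + i} for {src} ({src[8:]}) to {dst}/25 ({dst[7:]}/25)")
    out.append("Jan 10 2024 10:00:30 fw %ASA-6-302013: Built inbound TCP connection 200 "
               "for outside:198.51.100.50/41000 (198.51.100.50/41000) "
               "to inside:192.0.2.80/80 (192.0.2.80/80)")
    for i in range(16):
        out.append(f"Jan 10 2024 10:01:{i:02d} fw %ASA-6-302014: Teardown TCP connection "
                   f"{100 + i} for outside:198.51.100.{i + 1}/{40000 + i} to {dst}/25 "
                   "duration 0:01:00 bytes 2048 TCP FINs")
    return out

if __name__ == "__main__":
    peak, when = peak_concurrency(sample_log())
    for model in CSC_SMTP_LIMIT:
        print(f"{model}: peak {peak} at {when}, headroom {headroom(peak, model)}")
```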