Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

TLS issue with ASA 5505

We now need to use TLS in Outlook 2010 for email - according to the provider we only need port 995 open. Have that open to all systems, but we get "The  computer does not support the encryption type" error. Move the system outside the firewall and it works perfectly. Any idea what needs to be allowed through to support TLS encryption? Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: TLS issue with ASA 5505

Hi,

Please look at the below link for more details on this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008067cf3b.shtml#esmtp

If you are running a version older than 8.0(3) on the ASA, you will need to disable esmtp inspection if you have it. If you are running 8.0(3) or later, you will have to create a Layer 7 classmap/policy-map and specify an action of "allow-tls" as given in the below link.

If you do not have inspection for esmtp configured, we will need to get captures in both the situations and compare those. Hope this helps.

All the best!!

Regards,

Prapanch

2 REPLIES
Cisco Employee

Re: TLS issue with ASA 5505

Hi,

Please look at the below link for more details on this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008067cf3b.shtml#esmtp

If you are running a version older than 8.0(3) on the ASA, you will need to disable esmtp inspection if you have it. If you are running 8.0(3) or later, you will have to create a Layer 7 classmap/policy-map and specify an action of "allow-tls" as given in the below link.

If you do not have inspection for esmtp configured, we will need to get captures in both the situations and compare those. Hope this helps.

All the best!!

Regards,

Prapanch

New Member

Re: TLS issue with ASA 5505

Hi Prapanch,

That worked perfectly - it was the esmtp inspection. Thanks for your help!

1930
Views
0
Helpful
2
Replies