Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Users unable to access external email servers ASA even with inspect esmtp removed

Hi All. I have a issue that i am at a loss as how to slove it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.

I have narrowed it down to the fact that these uses are using  ssl/tls to send the mails. I did some reseach and found out about the inspect esmtp setting in the ASA.  I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.

Of note is that i can send emails without atachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.

I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3. I would really appreciate some insite into solving this problem.

My Firewall config is atached. I am at my witts end as to what elese to try. The company has not renewed support for the device so i am on my own here! I would really appreciate you help.

Marlon

Everyone's tags (4)
2 REPLIES
Cisco Employee

Users unable to access external email servers ASA even with insp

Hi Marlon,

Do you see any syslogs in ASDM for this traffic when a connection fails? That will give us more information about why this is failing.

-Mike

New Member

Users unable to access external email servers ASA even with insp

Thanks for the response Mirober2

I found a work around for the problem. I  looked at the issue from the end point and found that windows 7 handles tcp windowing diffrently than previous OS's. I still think there is an issue somewhere but i am not sure where esle to look so i will work with this for now.

See note below. Thanks for your help guys.

Disable the auto tuning

Check the state or current setting of TCP Auto-Tuning

1.          Open elevated command prompt with administrator’s privileges.

2.          Type the following command and press Enter:

netsh interface tcp show global

The system will display the following text on screen, where you can check on the Auto-Tuning setting:

Querying active state…

TCP Global Parameters

———————————————-

Receive-Side Scaling State : enabled

Chimney Offload State : enabled

Receive Window Auto-Tuning Level : normal

Add-On Congestion Control Provider : none

ECN Capability : disabled

RFC 1323 Timestamps : disabled

Disable TCP Auto-Tuning

1.          Open elevated command prompt with administrator’s privileges.

2.          Type the following command and press Enter:

netsh interface tcp set global autotuning=disabled

Enable TCP Auto-Tuning

1.          Open elevated command prompt with administrator’s privileges.

2.          Type the following command and press Enter:

netsh interface tcp set global autotuning=normal

http://www.mydigitallife.info/disable-tcp-auto-tuning-to-solve-slow-network-cannot-load-web-page-or-download-email-problems-in-vista/

1038
Views
0
Helpful
2
Replies