Setting up an asa and I am not able to get the mail to flow. I have the following:
mail filter - dmz (natted to public address xx.xx.xx.167)
exch server - inside (nat to public address xx.xx.xx.168)
Mail obviously is supposed to flow from exch -> filter -> outside world and then the reverse as well. The mail makes it from exch to the filter, but then does not go any further, and the filter is not able to establish a connection with any external mail servers. Here is a log snippet:
22:07:33|302014|126.96.36.199|filter|Teardown TCP connection 180106 for outside:188.8.131.52/25 to dmz:filter/3901 duration 0:00:30 bytes 0 SYN Timeout
22:07:27|302014|184.108.40.206|filter|Teardown TCP connection 180105 for outside:220.127.116.11/25 to dmz:filter/3874 duration 0:00:30 bytes 0 SYN Timeout
22:07:03|302013|18.104.22.168|filter|Built outbound TCP connection 180106 for outside:22.214.171.124/25 (126.96.36.199/25) to dmz:filter/3901 (xx.xx.xx.167/3901)
22:07:03|106100|filter|188.8.131.52|access-list dmz_access_in permitted tcp dmz/filter(3901) -> outside/184.108.40.206(25) hit-cnt 1 first hit [0x66e89e63, 0x0]
22:06:57|302013|220.127.116.11|filter|Built outbound TCP connection 180105 for outside:18.104.22.168/25 (22.214.171.124/25) to dmz:filter/3874 (xx.xx.xx.167/3874)
22:06:57|106100|filter|126.96.36.199|access-list dmz_access_in permitted tcp dmz/filter(3874) -> outside/188.8.131.52(25) hit-cnt 1 first hit [0x66e89e63, 0x0]
I do not see any syslog entries regarding dropped/denied packets related to these connections. If you need more config info or other info, let me know.
I think the connection dies on a "SYN timeout". This means the Pix never sees the reply from the server. When you moved your server, you have to change its default gateway. It should point to the Pix's DMZ address.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...