ASA 5510: Not able to send outgoing email through email client
The Lan Ip is 192.168.0.0/`16
> The Cisco ASA is connected to the internet through modem/router .
> The email server is located in the Internet and the ip is 126.96.36.199
> There is one issue which we are facing on the configuration front . The users are not able to send out emails from the outlook client (or any email client) . The logs show that the packets are being denied/dropped at the outside interface itself . I have allowed the communication with their email server : 188.8.131.52 and their internal Lan using the access rules but still the email client is not able to send out emails . They are able to receive emails through POP but they are not able to send emails from the client .
When the traffic is directed to the CSC engine then the outgoing emails are being blocked but when the firewall is being used without the CSC engine (by deleting the rule which directs the traffic to CSC engine) then the outgoing emails are being allowed to be sent
Request for advice on how to go about resolving this
logs as mentioned below
6|Nov 12 2006 20:57:29|302014: Teardown TCP connection 2298 for outside:184.108.40.206/110 to INSIDE:192.168.1.3/1595 duration 0:00:00 bytes 1294 TCP FINs
6|Nov 12 2006 20:57:28|302014: Teardown TCP connection 2292 for outside:220.127.116.11/25 to INSIDE:192.168.1.3/1593 duration 0:00:07 bytes 1720 TCP FINs
6|Nov 12 2006 20:57:28|302013: Built outbound TCP connection 2298 for outside:18.104.22.168/110 (22.214.171.124/110) to INSIDE:192.168.1.3/1595 (172.16.1.4/1909)
6|Nov 12 2006 20:57:20|302013: Built outbound TCP connection 2292 for outside:126.96.36.199/25 (188.8.131.52/25) to INSIDE:192.168.1.3/1593 (172.16.1.4/1907)
6|Nov 12 2006 20:56:50|302014: Teardown TCP connection 2278 for outside:184.108.40.206/110 to INSIDE:192.168.1.3/1590 duration 0:00:01 bytes 1294 TCP FINs
6|Nov 12 2006 20:56:49|106015: Deny TCP (no connection) from 220.127.116.11/25 to 172.16.1.4/1902 flags FIN ACK on interface outside
6|Nov 12 2006 20:56:49|302014: Teardown TCP connection 2277 for outside:18.104.22.168/25 to INSIDE:192.168.1.3/1589 duration 0:00:00 bytes 366 TCP FINs
6|Nov 12 2006 20:56:49|302013: Built outbound TCP connection 2278 for outside:22.214.171.124/110 (126.96.36.199/110) to INSIDE:192.168.1.3/1590 (172.16.1.4/1903)
6|Nov 12 2006 20:56:48|302013: Built outbound TCP connection 2277 for outside:188.8.131.52/25 (184.108.40.206/25) to INSIDE:192.168.1.3/1589 (172.16.1.4/1902)
6|Nov 12 2006 20:56:46|302014: Teardown TCP connection 2271 for outside:220.127.116.11/110 to INSIDE:192.168.1.3/1587 duration 0:00:01 bytes 1294 TCP FINs
6|Nov 12 2006 20:56:45|106015: Deny TCP (no connection) from 18.104.22.168/25 to 172.16.1.4/1898 flags FIN ACK on interface outside
6|Nov 12 2006 20:56:45|302014: Teardown TCP connection 2270 for outside:22.214.171.124/25 to INSIDE:192.168.1.3/1586 duration 0:00:00 bytes 366 TCP FINs
6|Nov 12 2006 20:56:45|302013: Built outbound TCP connection 2271 for outside:126.96.36.199/110 (188.8.131.52/110) to INSIDE:192.168.1.3/1587 (172.16.1.4/1899)
6|Nov 12 2006 20:56:44|302013: Built outbound TCP connection 2270 for outside:184.108.40.206/25 (220.127.116.11/25) to INSIDE:192.168.1.3/1586 (172.16.1.4/1898)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...