When I have "fixup protocol smtp 25", We get thousands of errors on the smtp servers (sendmail) that say "timeout waiting for input". When I "no" the fixup, everything works great. Has anyone seen this? I have not found anything in the bug reports yet.
I to have seen this. I always use the no fixup smtp 25 command on the PIX. The fixup protocol is a good idea, but until all sendmail servers are updated or migrated to Exchange server, older sendmail servers seem to have a problem.
My company is an asp that provides online marketing using e-mail. We also use no fixup for smtp. When fixup is enabled, it blocks the standard smtp message with **********. You can test this by doing a telnet hostname 25. Without SMTP fixup, when you telnet, you will be able to view the smtp header message: 220 tester.responsys.com ESMTP Server (Microsoft Exchange Internet Mail Servic
e 5.5.2653.13) ready. Fixup masks this message and causes issue with smtp servers.
Hmm. If you mail server responds "ESMTP Server" as you posted then you shouldn't be using SMTP fixup. You are not using SMTP; you are using ESMTP. While they are compatible with each other, the fixup works in environments using SMTP.
The PIX SMTP Fixup is an implementation of IETF RFC 821 for screening SMTP traffic. It assumes that it is between two mail servers communicating via SMTP. If one of the mail servers implementation of SMTP is bad, or if the servers are using ESMTP then this fixup doesn't work.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :