FWSM-ASA-Remote tunnel


SMTP connectivity needs to be established between location 1 and 2

location 1

From FWSM to ASA the traffic goes fine

but from the ASA to location 2, traffic from one specific segment is going through; traffic from the other segment fails...

Need clues....

location 2 :

managed by a PIX 506 where the tunnel is open and looks fine


Re: FWSM-ASA-Remote tunnel

routing ok end-to-end?

ACLs permit traffic?

NAT (or no-NAT) ok?

allow ICMP and try that.

if possible get a Cisco router at each end, "debug ip icmp" and ping between them.

telnet port 25 to mail server - if that works but mail does not flow, it could be "fixup protocol smtp" blocking esmtp commands.

Re: FWSM-ASA-Remote tunnel

Does the "fixup protocol smtp 25" block esmtp?

Does esmtp work on any random port?

Re: FWSM-ASA-Remote tunnel

esmtp is Extended SMTP, which uses more than the few basic commands of SMTP. "fixup protocol smtp" limits the allowed smtp commands to a few essential ones, blocking the unnecessary and less secure ones. Unfortunately it seems to break esmtp too.

If your mail server is on a different port you can do "fixup protocol smtp [new_port]" to apply the fixup to that port.
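Added example, not part of the original thread: a small Python check for the "telnet port 25" test suggested above, which reads a saved session transcript and flags the signs of SMTP inspection in the path. The `C:`/`S:` transcript format, the function names, the sample sessions, and the assumed symptoms (banner masked with asterisks, EHLO answered with a 5xx error) are assumptions of this example.

```python
import re

# Minimal RFC 821 command set. The thread only says the fixup allows "a few
# essential" commands; this exact list is an assumption of the example.
BASIC_COMMANDS = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def diagnose(transcript):
    """Return findings for a transcript where 'C: ' lines are what the
    client typed and 'S: ' lines are the replies seen through the firewall."""
    findings = []
    last_cmd = None
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(": ")
        if side == "C":
            words = text.split()
            last_cmd = words[0].upper() if words else None
        elif side == "S":
            code = text[:3]
            # Greeting (no command sent yet) replaced by a run of asterisks.
            if last_cmd is None and code == "220" and re.search(r"\*{4,}", text):
                findings.append("banner masked")
            # An extended command refused with a permanent error. A server
            # that truly lacks ESMTP answers the same way, so compare with a
            # session taken from inside the firewall before concluding.
            if last_cmd and last_cmd not in BASIC_COMMANDS and code.startswith("5"):
                findings.append(f"{last_cmd} rejected ({code})")
    return findings

def esmtp_blocked(transcript):
    """True when EHLO itself was refused, the symptom described in the thread."""
    return any(f.startswith("EHLO rejected") for f in diagnose(transcript))

# Constructed sample sessions (not captured from any real host).
FILTERED = """
S: 220 ****************************
C: EHLO client.example
S: 500 5.5.1 Command unrecognized
C: HELO client.example
S: 250 mail.example Hello
C: QUIT
S: 221 closing
"""
CLEAN = """
S: 220 mail.example ESMTP ready
C: EHLO client.example
S: 250-mail.example
S: 250 SIZE 10485760
C: QUIT
S: 221 closing
"""

if __name__ == "__main__":
    print(diagnose(FILTERED), diagnose(CLEAN))
```

If the same server accepts EHLO from a host inside the firewall but refuses it across the tunnel, the inspection on the firewall is the likely cause rather than the mail server.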

