11-01-2006 01:26 AM - edited 02-21-2020 10:17 AM
Pix 7.2.0 doesn't have "inspect esmtp" line added. But, authentication when sending a mail from wan doesn't work (mail server is in DMZ). When you try it from LAN - it works without problems.
Is it possible that pix block smtp authentication from WAN to DMZ, although there is no "inspect ESMTP" ?
11-01-2006 02:31 AM
Hello,
Without the 'inspect esmtp' line there is no (e)smtp protocol checking - there would be no reason the pix would drop the smtp for protocol reasons.
I would check your lan configuration to make sure that you don't have access-list issues - normally "inside' flows to the DMZ are allowed by default because of the security levels, but WAN to DMZ (assuming WAN had a lower security level than the DMZ) would not.
--Jason
Please rate this message if it helped resolve some or all of your issue.
11-01-2006 01:45 PM
Thanks for your answer.
I found out that ISP provider installed another firewall between WAN and our LAN. This is a kind of additional security for their key users. Guess what, their support told me "inspect esmtp is *on* by default".
Some security!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: