Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX506E 30second timer on incoming SMTP from outside interface

Hi,

I have tried to configure a PIX506e v6.3 so that incoming smtp data arriving on the outside interface is directed to a Novell groupwise email server on the inside. But it does not work. To fault find I have mimicked an incoming email by connecting a PC directly to the PIX outside interface (via crossover cable) and by using 'telnet (server IP address) 25'. The logging on PIX shows connection establishes ok, but I do not get a connection (ie a response from the server on the inside network)until exactly 30 seconds has elasped. I then connected a PC on the inside network (to eliminate the PIX and to ensure email server ok)and connected to email server all ok. I have implemented 'no fixup smtp 25' on pix. There is a definate 30 sec delay caused by something configured on the PIX. I have connected a sniffer to monitor the mail server and then compared a conversation between a PC on the inside talking to the mail server on inside and a PC on the outside to the mail server on inside and there is no difference in the traces (other than the obvious - addresses/seq numbers etc).

Has anybody got any ideas. If you have I would really appreciate some help (I've been on this hours).

Kind regards

Mark

2 REPLIES
Bronze

Re: PIX506E 30second timer on incoming SMTP from outside interfa

Hello,

This sounds like a DNS issue - your mail server you are connecting to is probably attempting to do a reverse-lookup on the IP address that is initiating to it. Inbound, this works because your hosts are either in DNS or your nameserver replies that it doesn't have an entry for it.

I would try adding a host entry on your server for whatever IP address is initiating to it (not sure if you're translating it on the pix or not), and see if that resolves the issue.

There's an outside chance that identd could be involved, but I'm betting it's DNS.

--Jason

Please rate this message if it helps resolve some or all of the issue.

New Member

Re: PIX506E 30second timer on incoming SMTP from outside interfa

Hi Jason,

The good news is I fixed the problem this morning (after a good nights sleep) by sniffing all conversations from the mail server and spotted a reverse DNS lookup trying to be performed and allowed through PIX and fixed problem.

The bad news is I have only just received your solution. However, you were spot on - well done.

Thanks for responding and I hope this solution will help others in the future.

regards

Mark

101
Views
5
Helpful
2
Replies
CreatePlease to create content