Has anyone seen this - we have at least one domain (comast.net) that we can no longer send email to since we replaced our pix 510 with a pix515e. Our connection to this e-mail server is timing out basically. I can connect manually through a telnet session sometimes but it takes several minutes to actually connect. I shut off the smtp fixup protocol, did the fix for the ident protocol, but still the connection is timing out. The pix syslog only shows a tcp connection being built, then approx 20 minutes later it is broken down with a FIN timeout. Nothing else appears for comast.net ip address. My e-mail server support points the finger at our isp. Cisco points the finger at my server. My ISP says everything is working as it should since a trace route works. Comcast.net doesn't respond to me. I am really at a loss here and just hoped that someone out there might have an idea. By the way, e-mail from that domain has no problem getting to us. We are running exchange 2000 for e-mail server. We are not doing a dmz and everything is behind the firewall. Thanks in advance for any help!
Sounds odd. Are you able to put the 510 back in and see if the problem goes away, that would quickly rule out (or point the finger at) the 515E?
Actually, I just sent two emails to email@example.com and firstname.lastname@example.org and both bounced, one with "relaying not permitted" (odd) and one with "lowest numbered MX record points to localhost" (even odder).
Comast.net's MX records actually point to two servers at uk2net.net, I think they're a little screwed up. If I try and telnet to port 25 on either of these two mail servers I get no connection and it eventually times out, if you say it's taking several minutes then my telnet is probably timing out way before that. Do you get a bounced message when you send an email, and if so, what does it say?
First of all I would like to apologize for my typo - I meant to type "comcast.net" and not "comast.net". If you would be so kind to retry your tests using the correct domain I would appreciate it greatly! And I had the same thought about putting the 510 back in just to see what would happen. Definitely a weekend job! The bounced messages that I receive from my e-mail server basically say at first that the message has been delayed, then a final very generic message that says something like the message could not be delivered. If I look in the event log on the server, it says connection dropped by remote host. Looking forward to any further input......
Comcast.net's MX record points to mx00.comcast.net, if I try and telnet to port 25 on that I get no connection, not good for an SMTP server. I can ping it, but a port scan shows only port 80 is open on it, not 25.
I sent a test email to email@example.com, haven't received a bounced message yet, but I'll wait 4 hours and see what I get (I doubt it'll get delivered though)
So you can see that the connection times out. Not sure what's going on at ComCast but they seem to not be accepting email, unless I'm missing something. Their web site has a "Contact Us" form you can fill out, have you tried sending them stuff that way to see what on earth is going on?
Thanks so much for doing this test for me! It is interesting to see that you are basically experiencing the same problems as I am. When I was working with HP, they seemed to have no problem sending e-mail through, which puzzled me. Yes, I did send them an e-mail from their web site exactly the way their tech support told me to report this, but they do not answer me. My brother just got fired from Comcast - he says their servers are too maxed out and they are having other problems as well. Maybe it is on their end. At 2 a.m. last Saturday morning somehow our server was able to send a bunch of comcast emails through that had been waiting in the queue. How strange is that??? Again, I thank you for your time, it really helped me out.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...