This is some more info on the config; due to customer confidentiality, I needed to rework it a bit, and state only the lines related to this problem. This extract should be enough though, I think, as there are no deny-statements anywhere. So, I'd expect the firewall to accept the request to connect to the SMTP server, and following that, allow all return traffic for this same connection back in, as it is stateful?!
There is no rule that permits setting up SMTP traffic from net3 towards the networks DMZ or outside, but this is intended: we only want people to set up connections towards the SMTP server, and not in the other direction.
(one can see from the captured traffic that no new connection is set up anyway.)