Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SMTP Telnet attempt returns 220 ***** over IPSEC tunnel

I've got a IPSEC tunnel between an ASA 5510 and a Sonicwall device.  I'm trying to install a new Exchange server behind the sonic wall for internal mail routing.  If I telnet within the sites, everything works fine, but when I try to telnet across the tunnel, I just get a 220 **************************** instead of the SMTP banner.

I've seen a lot of posts about turning off smtp fixup on a PIX, but we're currently not inspecting SMTP on the ASA, though we ARE inspecting ESMTP.  Mail to the Internet through the ASA works without issue, and mail from the Internet to a pre-existing server behind the Sonicwall also works without issue, so it's definitely just a problem over this tunnel.


Everyone's tags (5)
New Member

Re: SMTP Telnet attempt returns 220 ***** over IPSEC tunnel

So, it turns out the CLI on the ASA 5510 hides the fact that fixup really still does exist eventhough it tells you to use inspect.  I ran a 'no fixup protocol smtp 25' just for grins, and wouldn't you know it... It took the command and fixed the problem.  *sigh*

Cisco Employee

Re: SMTP Telnet attempt returns 220 ***** over IPSEC tunnel

The command 'no fixup protocol smtp 25' executed in version > 7.0 should do the same as the 'no inspect esmtp' command; They both should simply disable the inspection.

The 'no fixup protocol smtp 25' command isn't really hidden, but it is there to help with configuration migrations from versino 6.x to version 7 and 8.

If you see different results with 'no fixup protocol smtp 25' and 'no inspect esmtp', then you should open a TAC case for further investigation.