https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054803#M895232 <HTML><HEAD></HEAD><BODY><P>I attached the commands I entered (modified per my naming conventions) plus the output from sh run. I faked some of the IP addresses.</P><P></P><P></P><P></P><P> </P><P></P></BODY></HTML> Wed, 15 Oct 2008 00:25:22 GMT doug.dockter 2008-10-15T00:25:22Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054794#M895216 <P>Since switching ISPs and having to upgrade my PIX 515 from 7.0.2 to 7.2.4 for PPPOE support, I'm having issues receiving e-mails with attachments from a particular domain. All I see in the PIX log is the following message: Teardown TCP connection 1479120 for outside:193.246.239.75/34098 to inside:10.1.255.48/25 duration 0:16:14 bytes 87079 TCP Reset-I. I'm not sure what is causing the reset. </P> Mon, 11 Mar 2019 13:56:17 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054794#M895216 doug.dockter 2019-03-11T13:56:17Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054795#M895218 <HTML><HEAD></HEAD><BODY><P>tcp reser-i suggest a reset came from your email server.You would need to look into email server to see why it is generating the reset.</P><P></P><P>Also,you can try disabling the inspect esmtp on asa,if that's enabled.</P><P></P><P></P><P></P><P>Do rate if helpful.</P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Fri, 10 Oct 2008 20:50:13 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054795#M895218 suschoud 2008-10-10T20:50:13Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054796#M895220 <HTML><HEAD></HEAD><BODY><P>I'm going to disable esmtp to see if that will help. We use an IronPort device as our SMTP server. There have been no configuration changes on it that I'm aware of.</P></BODY></HTML> Fri, 10 Oct 2008 21:00:25 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054796#M895220 doug.dockter 2008-10-10T21:00:25Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054797#M895222 <HTML><HEAD></HEAD><BODY><P>Disabling esmtp resolved the issue. Was this a new feature of 7.0.4? Should I leave this turned off globally or is there a way to tweak the setting to not check for certain IP addresses or email domains?</P></BODY></HTML> Fri, 10 Oct 2008 21:12:49 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054797#M895222 doug.dockter 2008-10-10T21:12:49Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054798#M895224 <HTML><HEAD></HEAD><BODY><P>Here you go :</P><P></P><P>considering 4.2.2.2 is the ip address of email domain to which you are facing issues sending email :</P><P></P><P>ASA5510-Single(config)# policy-map global_policy</P><P>ASA5510-Single(config-pmap)# class inspection_default</P><P>ASA5510-Single(config-pmap-c)# no inspect esmtp</P><P>ASA5510-Single(config)# access-l 101 deny ip any host 4.2.2.2</P><P>ASA5510-Single(config)# access-l 101 permit ip any any</P><P>ASA5510-Single(config)# clas</P><P>ASA5510-Single(config)# class-map myesmtp</P><P>ASA5510-Single(config-cmap)# mat</P><P>ASA5510-Single(config-cmap)# match ac</P><P>ASA5510-Single(config-cmap)# match access-list 101</P><P>ASA5510-Single(config-cmap)# exit</P><P>ASA5510-Single(config)# poli</P><P>ASA5510-Single(config)# policy-map glo</P><P>ASA5510-Single(config)# policy-map globa</P><P>ASA5510-Single(config)# policy-map global_policy</P><P>ASA5510-Single(config-pmap)# clas</P><P>ASA5510-Single(config-pmap)# class myesmtp</P><P>ASA5510-Single(config-pmap-c)# ins</P><P>ASA5510-Single(config-pmap-c)# inspect esmtp</P><P>ASA5510-Single(config-pmap-c)#</P><P></P><P></P><P></P><P></P><P>Pretty much you specify an access rule which define what traffic should be inspected by esmtp inspect.If there is a " deny " in access list,that traffic would be bypasses from inspection engine.</P><P></P><P></P><P></P><P></P><P>Do rate if helpful.</P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Fri, 10 Oct 2008 21:53:09 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054798#M895224 suschoud 2008-10-10T21:53:09Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054799#M895226 <HTML><HEAD></HEAD><BODY><P>Thanks for the example Sushil. I am having problems receiving e-mails FROM a domain. In your example above you said it was for an issue with sending e-mails TO a domain. Would the commands be the same?</P></BODY></HTML> Mon, 13 Oct 2008 13:56:29 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054799#M895226 doug.dockter 2008-10-13T13:56:29Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054800#M895228 <HTML><HEAD></HEAD><BODY><P>Just replace :</P><P></P><P>access-l 101 deny ip any host 4.2.2.2 </P><P></P><P></P><P>with </P><P></P><P>access-l 101 deny ip host 4.2.2.2 any</P><P></P><P></P><P>4.2.2.2 -&gt; ip of the domain.</P><P></P><P></P><P></P><P>Do rate helpful posts.</P><P></P><P></P><P>Regards.</P><P>Sushil</P><P></P></BODY></HTML> Mon, 13 Oct 2008 14:07:35 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054800#M895228 suschoud 2008-10-13T14:07:35Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054801#M895230 <HTML><HEAD></HEAD><BODY><P>Not sure if there is something wrong with the configuration commands you sent or I'm doing something wrong. As soon as I enter the inspect esmtp command toward the bottom, all access to the internet seems to be blocked. </P></BODY></HTML> Mon, 13 Oct 2008 18:48:45 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054801#M895230 doug.dockter 2008-10-13T18:48:45Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054802#M895231 <HTML><HEAD></HEAD><BODY><P>the suggested commands in no way can block internet traffic.</P><P></P><P></P><P>Is access-l 101 already defined somewhere in your configuration ?</P><P></P><P>Not sure what is wrong.Can u post " sh run " command output ?</P><P></P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Mon, 13 Oct 2008 20:03:38 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054802#M895231 suschoud 2008-10-13T20:03:38Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054803#M895232 <HTML><HEAD></HEAD><BODY><P>I attached the commands I entered (modified per my naming conventions) plus the output from sh run. I faked some of the IP addresses.</P><P></P><P></P><P></P><P> </P><P></P></BODY></HTML> Wed, 15 Oct 2008 00:25:22 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054803#M895232 doug.dockter 2008-10-15T00:25:22Z https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054804#M895233 <HTML><HEAD></HEAD><BODY><P>Cisco tech support suggested the below changes and that resolved the issue.</P><P></P><P>access-list esmtp_acl extended deny tcp host 193.246.239.72 any eq 25 </P><P>access-list esmtp_acl extended deny tcp host 193.246.239.73 any eq 25 </P><P>access-list esmtp_acl extended deny tcp host 193.246.239.74 any eq 25 </P><P>access-list esmtp_acl extended deny tcp host 193.246.239.75 any eq 25 </P><P>access-list esmtp_acl extended permit tcp any any eq 25</P></BODY></HTML> Mon, 27 Oct 2008 15:22:37 GMT https://community.cisco.com/t5/network-security/tcp-reset-i-in-pix-log/m-p/1054804#M895233 doug.dockter 2008-10-27T15:22:37Z