
ACE Normalization for SMTP Traffic

wasiimcisco
Level 1

Hi,

I was facing an issue with the ACE normalization, and that was stopping my SMTP traffic. When I disabled it globally, my SMTP traffic is working fine. But due to the audit I cannot disable it for all the traffic. I want to disable the normalization only for the SMTP port 25 traffic.

I am trying to create the L4 policy as mentioned below but am unable to set the parameters required to disable the normalization.


class-map match-any SMTP_CLASS
  match port tcp eq 25

parameter-map type connection TCP_SMTP_MAP
  no random-sequence-number
  exceed-mss allow

policy-map multi-match TCP_SMTP_POLICY

What else do I need to recall in the parameter-map in order to disable the normalization for SMTP traffic?

Please help.

7 Replies

Kanwaljeet Singh
Cisco Employee

Hi,

Normalization is enabled/disabled at the interface and cannot be disabled/enabled for particular traffic. May I know what exactly the issue is? Disabling normalization is not suggested normally.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi,

My email traffic is not working when passing through the ACE. When I am disabling the normalization on the interface level, HTML email is working fine.

Due to the security audit I cannot disable it for all the traffic. I want to only disable it for SMTP traffic. How can I achieve it?


Hi Wasim,

Let me think about it and get back to you.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Dear All,

 

Please let me know how to meet the above requirement.

Hi Wasim,

I don't see a way to disable normalization for a particular traffic. It will be disabled/enabled for all traffic that hits the interface. If we know why it is being denied, we can apply certain parameters which will help to resolve the issue. But we shall know why enabling normalization is affecting the traffic.

Let me know if you need my help with same.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi,

I have attached the capture when normalization was enabled (not working) and the capture when normalization was disabled.

Please review and let me know how to achieve this by fine-tuning the parameters.

We are seeing a lot of TCP retransmission errors etc.

I have done some research, and normalization deals with the following below-mentioned parameters.


exceed-mss               Configure behavior if a packet exceeds MSS
random-seq-num-disable   Disable TCP sequence number randomization
reserved-bits            Configure Reserved bits in TCP header
syn-data                 Configure behavior for a SYN packet containing data
tcp-options              Configure TCP header options
urgent-flag              Allow/Clear Urgent flag

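To see which of the parameters listed above the captured SMTP segments actually exercise, a raw TCP header can be checked field by field; the sketch below is an added example, not part of the thread and not Cisco code, and it does not reproduce the ACE's own normalization logic. The function names, the sample segments and the set of options treated as common are assumptions made for illustration.

```python
import struct

URG, ACK, PSH, SYN = 0x20, 0x10, 0x08, 0x02   # flag bits, byte 13 (RFC 9293)
COMMON_OPTS = {2, 3, 4, 5, 8}  # assumption: MSS, window scale, SACK-permitted, SACK, timestamps

def parse_option_kinds(raw):
    """Walk the TCP options area; return (list of kinds, malformed?)."""
    kinds, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            return kinds, True             # length byte missing or out of bounds
        kinds.append(kind)
        i += raw[i + 1]
    return kinds, False

def normalization_findings(segment, peer_mss=None):
    """Name the parameters from the list above that a raw TCP segment would exercise."""
    if len(segment) < 20:
        return ["truncated-header"]
    header_len = (segment[12] >> 4) * 4    # data offset is in 32-bit words
    if not 20 <= header_len <= len(segment):
        return ["bad-data-offset"]
    flags, payload = segment[13], segment[header_len:]
    kinds, malformed = parse_option_kinds(segment[20:header_len])
    findings = []
    if segment[12] & 0x0F:                 # low nibble of byte 12 is reserved
        findings.append("reserved-bits")
    if flags & SYN and payload:
        findings.append("syn-data")
    if flags & URG:
        findings.append("urgent-flag")
    if peer_mss is not None and len(payload) > peer_mss:
        findings.append("exceed-mss")
    if malformed or any(k not in COMMON_OPTS for k in kinds):
        findings.append("tcp-options")
    return findings

def build_segment(flags, reserved=0, options=b"", payload=b""):
    """Constructed sample data: a TCP segment from client port 40000 to port 25."""
    options += b"\x01" * (-len(options) % 4)          # pad options to 32-bit words
    off_res = ((20 + len(options)) // 4) << 4 | reserved
    return struct.pack("!HHIIBBHHH", 40000, 25, 1000, 0, off_res, flags,
                       65535, 0, 0) + options + payload
```

Feeding it the TCP layer of each packet from the failing capture, with `peer_mss` taken from the MSS option in the other side's SYN, gives a count per parameter that can be compared against the working capture.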

Hi,

Requesting a reply on the above.
