Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1449
Views
5
Helpful
1
Replies

Cisco ESA C390 Unable to connect to External and Public Domains

Glenn28
Level 1
Level 1

‎04-09-2021 06:30 PM

Hi,

Good day

 

I was trying to set-up Cisco ESA C390 in one our data center but I'm having issues establishing connections to external and public mail servers. Below is the error when I tested SMTP ping via CLI:

 

Starting SMTP test of host alt1.gmail-smtp-in.l.google.com.
Resolved 'alt1.gmail-smtp-in.l.google.com' to 142.250.138.27.
Unable to connect to 142.250.138.27.

 

What we've done so far are the following:

  1. Allowed the following ports in our firewall
    • tcp - http
    • tcp - https
    • tcp - ssh
    • tcp - smtp
    • tcp - 82-83
    • dns
    • udp - 137
  2. Set-up Forward and reverse DNS for our ESA's public IP.
  3. Add the ESA's public IP to the SPF record of our company's domain.
  4. Set-up DKIM Signing key and Signing profile and tested successfully matched to what is published in our DNS.
  5. We tried to test SMTP connectivity to other ESA within our network and the connection was ok.

Hope you can advise what other areas should we check to resolve our problem. TIA.

Regards.

Labels:
1 Reply 1

svgeorgi
Cisco Employee
Cisco Employee

‎05-03-2021 01:39 PM

May want to try the basics first as it says it can resolve the hostname (so DNS server is fine) but cannot connect to 142.250.138.27.

Have you tried to ping/traceroute that server? Do you have a default gateway configured correctly? Are there any other static routes needed for the ESA within your local network to reach the Internet?

0 Helpful
Customers Also Viewed These Support Documents