02-03-2014 02:25 PM
Reading through the announcement located here:
https://supportforums.cisco.com/community/netpro/security/email
In my config I have a 204.15.81.x subnet configured for required TLS from a few years ago. Is 204.15.81.0/26 no longer used for CRES?
03-12-2014 04:28 PM
That range is still used, but another range was added. Here are the current IP blocks used by CRES:
208.90.57.0/26
204.15.81.0/26
- Jackie
03-24-2014 02:03 PM
Thanks Jackie, how about 184.94.241.96-99?
03-24-2014 05:47 PM
Yes - that range as well --- listed in the Jan 16th posting:
Cisco Registered Envelope Service uses the following IP address range to initiate SMTP-TLS sessions:
Active ESAs for TLS delivery: 184.94.241.96 to 184.94.241.99
Backup ESAs for TLS delivery: 208.90.57.32 to 208.90.57.35
Reverse DNS name .res.cisco.com
Some customers may also restrict access to Cisco’s CRES Key Server res.cisco.com. The CRES Key Server res.cisco.com has two blocks of VIPs. Please add them to your network devices access rules where appropriate:
Active: 184.94.241.74 to 184.94.241.78 Port 443
Backup: 208.90.57.15 to 208.90.57.18 Port 443
What needs to be done on the ESA?
Add the above listed IP address range and hostname to your existing sender group being used for TLS (Incoming):
1. Log in to Admin UI
2. Edit your TLS sender group (naming convention would vary) under Mail Policies > Host Access Table > HAT Overview
3. Add the following IP address range and hostname:
184.94.241.96-99 .res.cisco.com
208.90.57.32-35 .res.cisco.com
4. Submit and commit changes
-Robert
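An added example, not part of the thread and not Cisco tooling: a short Python check of whether the IP entries already in a TLS sender group cover the delivery ranges quoted above. The sender group contents (`EXISTING_GROUP`) and the function names are assumptions made for illustration; hostname entries such as .res.cisco.com are skipped, so only IP coverage is compared.

```python
import ipaddress

# Ranges quoted in the thread from the Jan 16th announcement.
REQUIRED = {
    "active TLS delivery": "184.94.241.96-99",
    "backup TLS delivery": "208.90.57.32-35",
}

def parse_entry(entry):
    """Expand one sender-group entry into a set of IPv4 addresses."""
    entry = entry.strip()
    if any(c.isalpha() for c in entry):
        return set()  # hostname entry such as .res.cisco.com: not an IP match
    if "/" in entry:
        return set(ipaddress.IPv4Network(entry, strict=True))
    if "-" in entry:
        # Last-octet range as written in the thread: 184.94.241.96-99
        start_text, end_text = entry.rsplit("-", 1)
        start = ipaddress.IPv4Address(start_text)
        first, last = int(start) & 0xFF, int(end_text)
        if not first <= last <= 255:
            raise ValueError(f"bad range: {entry}")
        return {start + i for i in range(last - first + 1)}
    return {ipaddress.IPv4Address(entry)}

def missing_from_group(group_entries, required=REQUIRED):
    """Return required addresses that no IP entry in the group covers."""
    covered = set()
    for item in group_entries:
        covered |= parse_entry(item)
    report = {}
    for label, rng in required.items():
        gap = sorted(parse_entry(rng) - covered)
        if gap:
            report[label] = [str(ip) for ip in gap]
    return report

# Constructed sender group: only the two /26 blocks from the earlier reply.
EXISTING_GROUP = ["208.90.57.0/26", "204.15.81.0/26"]

if __name__ == "__main__":
    for label, ips in missing_from_group(EXISTING_GROUP).items():
        print(f"{label}: add {ips[0]} to {ips[-1]}")
```

With only the two /26 blocks in the group, the backup range 208.90.57.32-35 is already covered by 208.90.57.0/26, while 184.94.241.96-99 is reported as missing.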