We have been seeing some strange TLS errors for messages going to domains with MX Records in the *.iphmx.com domain recently. Whois says it belongs to "Cloud Email Security - Cisco Systems" so it would appear to be part of the Ironport Cloud Service. Some of the partner domains I ran tlsverify against came back with this:
Certificate verification failed: self signed certificate in certificate chain.
I decided to try and help out so I sent a note to the ARIN contacts for the IP network and then I got this in response:
Delivery is delayed to these recipients or distribution lists:
Not saying this is the answer, but when Cisco provision a cloud email security system for a customer they provide self signed certs for all SSL/TLS protected transactions including TLS. One of the actions the customer has to perform is to replace those self signed certs with CA signed certs (if they wish). It may be that the domains you are looking at are trials or POCs and they haven't got round to providing signed certs, or they may have decided not to have CA signed TLS certs. It is perfectly valid to use self-signed certs, with the risk that if the "other end" requires signed certs then emails will be bounced or sent over unencrypted channels, according to policy.
Guys, I have been trying to monitor ipsec tunnel peer IP and bandwidth utilization for few of our ipsec tunnel, upon doing some some research i could find below OID for the same. it wors seamlessly on single context mode, howver its not woking on mul...
It gives me great pleasure to announce that FMT 2.1 supports the migration of the Palo Alto firewall to FTD.
Tool flawlessly migrates the following component of PA configuration
Network Object and Groups
Hi All, I was building VPN firewall using two Cisco ASA 5516 boxes. I want to use single ISP shared between both ASA. I've chosen two Public IPs and configured on ASA units. I've picked another IP for VPN Load-Balancing. Does this support for S2...
Hi Everyone, hoping that someone can help me out. I just migrated my AnyConnect VPN configuration from a 5505 to 5506x FW. The configuration looks fine after checking but when client try connected to the below group-url they say that they get a...
This article is intended to be a simple example of configuring AnyConnect relevant syslog messages to be sent from the ASA to a Syslog server. The syslog server in this example is Spunk but almost any syslog server should be do the job. The ...