cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
140
Views
0
Helpful
3
Replies
Highlighted
Beginner

Zone based firewall block smtp

i dear friends, i have exchange server 2016 and this server connect to internet via cisco router 2911, when users send mail with attachment these mail stay in queue exchange server.but when i turn of zone based firewall mails send normaly.help plz.how can i resolve thise problem?

3 REPLIES 3
Highlighted
Beginner

Re: Zone based firewall block smtp

my config out to in on zone based firewall

Zone-pair name sdm-zp-NATOutsideToInside-1
Source-Zone out-zone Destination-Zone in-zone
service-policy sdm-pol-NATOutsideToInside-1
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat--1
inspect
class class-default
drop
class-map type inspect match-all sdm-nat--1
match access-group 101
match protocol tcp
Extended IP access list 101
10 permit tcp any host 10.10.0.9 eq smtp
20 permit tcp any host 10.10.0.9 eq 443

10.10.0.9 ip adress exchange server

Highlighted
Cisco Employee

Re: Zone based firewall block smtp

Hi Cemil,

The issue might be occurring since you have enabled SMTP inspection in your zone-based firewall as below:

class type inspect sdm-nat--1
inspect

I would request to disabled the inspection in your zone-based firewall and hopefully it will help resolve your issue.
You can refer to below article for details on inspection zone-based firewall:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/15-mt/sec-data-zbf-15-mt-book/sec-zone-pol-fw.html

I hope the above information helps.

Cheers,
Pratham
Highlighted
Beginner

Re: Zone based firewall block smtp

Thank for link but i read.i can not understant what is incorrect on my config.because some domain i can send mail with attachment some i cannot.on my config i have not filter.and what blocked send mail