
Accessing the SMTP from outside network through ASA 5510

mukalazisnr

Hello good people,

I have an issue with my mail server (SME Server), which is behind a Cisco ASA 5500 (firewall). The problem is that if one leaves my network they can receive but cannot send email via my SMTP. Also, internal people can only send if they use the IP address of the server rather than the domain (mail.xxxx.com). Any pointers will be appreciated.

Here is my layout:

ISP - ASA 5510 - LAN (includes mailserver)

Kind regards

7 Replies

Hello George,

Are you using internal DNS? Could you also post the config of your ASA so we can have a look at the issue?

Regards

Harish

Thanks. I have no internal DNS. Attached is the config.

Kind Regards

Hello George,

If you have public DNS, then in order to access the servers hosted inside using their FQDN you need to have DNS doctoring. Unfortunately, you are using port address translation (not a one-to-one NAT), which doesn't work well with DNS doctoring.

I assume you can solve this issue with the alias command as follows:

alias (inside) 199.199.199.99    255.255.255.255

Also, for the other issue, can you try to configure an SMTP inspection as follows:

policy-map type inspect esmtp esmtp_map
 parameters
  allow-tls
policy-map global_policy
 class inspection_default
  ! reference the map so that allow-tls takes effect
  inspect esmtp esmtp_map

Hope this helps

Regards

Harish

Thank you so much, let me try that and get back to you.

Still can't access.

Stuart Gall

Following on from Harrison, with the latest ASA software you can write a nat inside,inside rule to bounce traffic back to the internal server. What most people do, though, is have an internal DNS that resolves to the RFC 1918 IP of the server.

Sent from Cisco Technical Support iPad App

How do I do that?
