cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1408
Views
0
Helpful
4
Replies

Cisco IPS SSM could not connect to SMTP host

thomas.green
Level 1
Level 1

We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?

TJ

4 Replies 4

Maykol Rojas
Cisco Employee
Cisco Employee

Hi,

Can you take some captures to see the connection from your AIP to your SMTP server? That would give us a clue of what is going on...

Mike..

Mike

Mike,

Can you be more specific on how to run the captures and what specific traffic I should be capturing?

TJ

Sure,

What I need you to capture is the SMTP packets that the sensor will send to the SMTP server when it tried to send a notification.

Depending on the location of the SMTP server, I will need you to put a capture in the ingress interface as well on the outgoing interface for this matter.

For example, if your module has an IP on the same range as the inside network, and the SMTP server is on the outside, I will need you to apply a capture (both ways server to aip-aip to server) on the inside as well on the outside on port 25 on the ASA. 

This capture should have (on the inside) the IP address of the management port of the IPS and on the outside, the translated IP.

Here is how you can take captures

https://supportforums.cisco.com/docs/DOC-1222

Mike

Mike

Check for any Antivirus in the local system where the IME is running. In my case I had the antivirus blocking the port 25.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: