04-12-2014 06:49 AM - edited 03-11-2019 09:04 PM
Hi,
Last week we have replaced our old firewall (ASA 5540, IOS ver:8.2.5) by ASA 5545-X IOS ver:9.0.3. Everything works fine other than outgoing mail. However, there was no issue in old firewall.
OLD Configuration(ASA 5540, IOS ver:8.2.5):
-----------------------------------------------------------
static (dmz,outside) 203.223.92.38 172.16.252.31 netmask 255.255.255.255
access-list INBOUND extended permit tcp any host 203.223.92.38 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any
NEW configuration( ASA 5545-X IOS ver:9.0.3):
-------------------------------------------------------------
object network obj-172.16.252.31
host 172.16.252.31
object network obj-203.223.92.38
host 203.223.92.38
nat(dmz,outside) source static obj-172.16.252.31 obj-203.223.92.38
access-list INBOUND extended permit tcp any host 172.16.252.31 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any
=========================================================
In command prompt it shows 550 5.7.1 Unable to relay. We have tried microsoft,Linux mail server, the issue is not in mail server.
In firewall log it show FIN flag from outside. Please help us to solve the issue.
Regards,
Mirza Rakib
Solved! Go to Solution.
04-12-2014 11:55 PM
try this..
policy-map global_policy
class inspection_default
no inspect dns preset_dns_map
no inspect esmtp
hope its work...
04-12-2014 10:42 AM
Try This
object network obj-172.16.252.31
host 172.16.252.31
nat (dmz,outside) static 203.223.92.38
access-list INBOUND extended permit tcp any host 172.16.252.31 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any
04-12-2014 11:55 PM
try this..
policy-map global_policy
class inspection_default
no inspect dns preset_dns_map
no inspect esmtp
hope its work...
04-13-2014 01:14 AM
Thanks Mosharof it is working after disabling the DNS inspection.
Could you know me what is the significance of this line "inspect dns preset_dns_map". In our old firewall it was there and working fine but in IOS 9.0.3 it not working.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide