Beginner

Mail outgoing problem in ASA 5545-X (IOS version 9.0.3)

Hi,

Last week we replaced our old firewall (ASA 5540, IOS ver: 8.2.5) with an ASA 5545-X, IOS ver: 9.0.3. Everything works fine other than outgoing mail. However, there was no issue with the old firewall.

OLD Configuration (ASA 5540, IOS ver: 8.2.5):
-----------------------------------------------------------
static (dmz,outside) 203.223.92.38 172.16.252.31 netmask 255.255.255.255

access-list INBOUND extended permit tcp any host 203.223.92.38 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any

NEW Configuration (ASA 5545-X, IOS ver: 9.0.3):
-------------------------------------------------------------
object network obj-172.16.252.31
  host 172.16.252.31

object network obj-203.223.92.38
  host 203.223.92.38

nat (dmz,outside) source static obj-172.16.252.31 obj-203.223.92.38
access-list INBOUND extended permit tcp any host 172.16.252.31 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any

=========================================================

At the command prompt it shows 550 5.7.1 Unable to relay. We have tried Microsoft and Linux mail servers; the issue is not in the mail server.

The firewall log shows a FIN flag from outside. Please help us solve the issue.

 

Regards,

Mirza Rakib

 

1 ACCEPTED SOLUTION

try this..


policy-map global_policy
 class inspection_default
  no inspect dns preset_dns_map
  no inspect esmtp

Hope it works...

 


3 REPLIES
Participant

Try This

 

object network obj-172.16.252.31
 host 172.16.252.31
 nat (dmz,outside) static 203.223.92.38

access-list INBOUND extended permit tcp any host 172.16.252.31 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any
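
An added example (not part of the thread and not Cisco code) of the translation discussed above: it converts the pre-8.3 one-to-one `static` line from the question into 8.3+ object NAT and rewrites ACL entries from the mapped address to the real one. The function name `migrate` and the regexes are assumptions for illustration; only host-to-host statics are handled and other configuration lines are ignored.

```python
import re

# Constructed sample input: the pre-8.3 lines quoted in the original question.
OLD_CONFIG = """\
static (dmz,outside) 203.223.92.38 172.16.252.31 netmask 255.255.255.255
access-list INBOUND extended permit tcp any host 203.223.92.38 eq smtp
access-list DMZ extended permit ip host 172.16.252.31 any
"""

# Pre-8.3 syntax: static (real_if,mapped_if) mapped_ip real_ip netmask ...
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\) "
    r"(?P<mapped>\d+(?:\.\d+){3}) (?P<real>\d+(?:\.\d+){3}) "
    r"netmask 255\.255\.255\.255$"
)
HOST_RE = re.compile(r"\bhost (\d+(?:\.\d+){3})\b")


def migrate(old_config):
    """Hypothetical helper: return (new_lines, warnings)."""
    mapped_to_real, nat_lines, acl_lines, warnings = {}, [], [], []
    lines = [l.strip() for l in old_config.splitlines() if l.strip()]
    # Pass 1: each one-to-one static becomes a network object with auto-NAT.
    for line in lines:
        m = STATIC_RE.match(line)
        if m:
            mapped_to_real[m["mapped"]] = m["real"]
            nat_lines += [
                f"object network obj-{m['real']}",
                f" host {m['real']}",
                f" nat ({m['real_if']},{m['mapped_if']}) static {m['mapped']}",
            ]
        elif line.startswith("static "):
            warnings.append(f"unsupported static form, convert by hand: {line}")
    # Pass 2: ACLs must name the real address, because 8.3+ un-translates
    # the packet before the interface ACL is checked.
    for line in lines:
        if line.startswith("access-list "):
            fixed = HOST_RE.sub(
                lambda h: "host " + mapped_to_real.get(h.group(1), h.group(1)),
                line)
            if fixed != line:
                warnings.append(f"ACL rewritten to real IP: {fixed}")
            acl_lines.append(fixed)
    return nat_lines + acl_lines, warnings
```

Run over the sample, the output matches the object NAT and ACL lines in the reply above, with one warning for the INBOUND entry whose destination changed from the mapped to the real address.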

 

 


Beginner

Thanks Mosharof, it is working after disabling the DNS inspection.

Could you let me know the significance of the line "inspect dns preset_dns_map"? In our old firewall it was there and working fine, but in IOS 9.0.3 it is not working.
