Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1854
Views
0
Helpful
3
Replies

Problem after 8.2(4) upgrade on ASA5510

Mike McWethy
Level 1
Level 1

‎08-31-2011 02:34 PM - edited ‎03-11-2019 02:19 PM

Last weekend I upgraded the ASA5510 from 8.0.4 to 8.2.4. As of Monday, I am having a problem. We are currently using a third-party spam filtering service that forwards our email to us. I have an object group setup that contains the host addresses from this third-party firm. As of Monday, our queue time is significantly longer for receiving the emails. Upon researching my Syslog, I now notice the following entry:

%ASA-4-507003: tcp flow from outside:xxx.xxx.xxx.xxx/40074 to inside:xxx.xxx.xxx.xxx/25 terminated by inspection engine, reason - inspector disconnected, dropped packet.

Upon researching this issue, I see there is no recommended action according to the following Cisco link:

http://www.cisco.com/en/US/docs/security/asa/asa81/system/message/81logmsg.html#wp5871840

Unfortunately, I need to resolve this slow receive time issue and I can't help but imagine that the dropped packets are causing this. Does anybody have ANY ideas besides just bypassing the logging of 507003 messages that could solve my problem?

P.S I did a packet-tracer on the ASA with detailed output and it clearly completes all phases and the final action is "allow."

I never had this issue when running 8.0.4 and I have had this same configuration for the last year with no issues.

Labels:
0 Helpful
3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

‎08-31-2011 04:29 PM

Mike

Mostlikely is your ESMTP inspection on the ASA. For troubleshooting, can you try removing it? You can do sh run policy-map and confirm if it is configured.

Mike

Mike
0 Helpful

Mike McWethy
Level 1
Level 1
In response to Maykol Rojas

‎09-01-2011 12:58 PM

I removed the "inspect esmtp" and this seems to have resolved the issue. Thanks. However, wouldn't it be ideal to have deep packet inspection for SMTP type traffic? I am using ACL's to limit who I accept SMTP traffic from, but I am not sure if this is secure enough. What are your guys' thoughts?

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to Mike McWethy

‎09-01-2011 02:15 PM

Well, if you have a list of approved SMTP servers that you trust, I dont think it would be an issue, if you are expecting mails from unapproved mail servers, then yes you should do something about it.

In any case that you would like to re-enable it, would be a good idea to open a tac case so we can investigate what is the ESMTP inspection dropping.

Mike

Mike
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card