Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1268
Views
0
Helpful
1
Replies

ZBF - SMTP issue

fernandoseidler
Level 1
Level 1

‎05-30-2011 10:17 AM - edited ‎03-11-2019 01:40 PM

Hi,

My ZBF is dropping some SMTP packets, and allowing others...even though they're allowed.

My ZBF (SMTP) configuration:

class-map type inspect match-all c_servidoressmtp
description Class Map allowing SMTP Access
match access-group name ACL_SMTP
match protocol smtp

policy-map type inspect p_EXTtoSRV
class type inspect c_servidoressmtp
  inspect

ip access-list extended ACL_SMTP
remark ACL SMTP SERVERS
permit ip any host 200.19.105.193


Log's:

May 30 13:59:18 udesc-servidores/udesc-servidores 2809973: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:46013 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809974: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:61800 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809976: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 46 tcp packets were dropped from 74.125.82.45:44331 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809980: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 4 tcp packets were dropped from 201.23.81.230:44768 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809989: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 1 tcp packet were dropped from 209.85.213.185:38750 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)

#sh policy-map type inspect zone-pair zp_EXTtoSRV

Class-map: c_servidoressmtp (match-all)
      Match: access-group name ACL_SMTP
      Match: protocol smtp
         
   Inspect
        Packet inspection statistics [process switch:fast switch]
        tcp packets: [111655:55981644]
         
        Session creations since subsystem startup or last reset 1142351
        Current session counts (estab/half-open/terminating) [20:0:0]
        Maxever session counts (estab/half-open/terminating) [181:52:50]
        Last session created 00:00:04
        Last statistic reset never
        Last session creation rate 28
        Maxever session creation rate 610
        Last half-open session total 0
        TCP reassembly statistics
        received 0 packets out-of-order; dropped 0
        peak memory usage 0 KB; current usage: 0 KB
        peak queue length 0

Anyone have any idea?

Thanks,

Fernando

Labels:
0 Helpful
1 Reply 1

Ronaldo Renato Punzalan
Cisco Employee
Cisco Employee

‎06-14-2011 12:16 PM

The public smtp server might be using ESMTP rather than SMTP. If so, use "match protocol smtp extended" instead. If that's not it, you might want to open a TAC case to investigate further.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card