10-12-2012 12:08 AM - edited 03-11-2019 05:08 PM
Hello good people,
I have an issue with my mail server (SME Server), which is behind a Cisco ASA 5500 (firewall). The problem is that if one leaves my network they can receive but cannot send email via my SMTP. Also, internal people can only send if they use the IP address of the server rather than the domain (mail.xxxx.com). Any pointers will be appreciated.
Here is my layout:
ISP - ASA 5510 - LAN (includes mailserver)
Kind regards
10-12-2012 12:36 AM
Hello George,
Are you using internal DNS? Could you also post the config of your ASA so we can have a look at the issue?
Regards
Harish
10-12-2012 01:32 AM
10-12-2012 02:23 AM
Hello George,
If you have public DNS, then in order to access the servers hosted inside using their FQDN you need DNS doctoring. Unfortunately, you are using port address translation (not a one-to-one NAT), which doesn't work well with DNS doctoring.
I assume you can solve this issue with the alias command as follows:
alias (inside) 199.199.199.99
Also, for the other issue, can you try to configure an SMTP inspection as follows:
policy-map type inspect esmtp esmtp_map
 parameters
  allow-tls
policy-map global_policy
 class inspection_default
  ! reference the map by name so that allow-tls is actually applied
  inspect esmtp esmtp_map
Hope this helps
Regards
Harish
10-12-2012 02:30 AM
Thank you so much. Let me try that and get back to you.
10-12-2012 03:37 AM
Still can't access.
10-12-2012 02:32 AM
Following on from Harish: with the latest ASA software you can write a NAT inside,inside rule to bounce traffic back to the internal server. What most people do, though, is have an internal DNS that resolves to the RFC 1918 IP of the server.
Sent from Cisco Technical Support iPad App
10-12-2012 03:40 AM
How do I do that?
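The NAT inside,inside rule mentioned in the reply above, sketched as an added example that is not part of the original thread or of anyone's posted configuration. It assumes ASA software 8.3 or later (object-based NAT syntax) and an interface named inside; every address and object name is a constructed placeholder.

```cisco
! Added example. Constructed placeholder values:
!   192.168.1.0/24  inside LAN
!   192.168.1.10    mail server's LAN (RFC 1918) address
!   203.0.113.25    public address that mail.xxxx.com resolves to
!
! Allow traffic to enter and leave the same interface (the "bounce").
same-security-traffic permit intra-interface
!
object network INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
object network MAIL-INSIDE
 host 192.168.1.10
object network MAIL-PUBLIC
 host 203.0.113.25
!
! For LAN clients that connect to the public address:
!   destination: rewrite MAIL-PUBLIC to MAIL-INSIDE
!   source:      rewrite the client to the ASA inside interface address,
!                so the server's replies return through the ASA instead
!                of going straight back to the client on the LAN
nat (inside,inside) source dynamic INSIDE-LAN interface destination static MAIL-PUBLIC MAIL-INSIDE
```

With this rule the mail server sees every hairpinned client as the ASA's inside interface address, so its logs and any per-client relay controls lose the real source. The internal DNS approach from the same reply avoids that, because clients resolve the name to the LAN address and never cross the firewall.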