
Allow smtp through ASA 5510

Hi All,

I have an ASA5510 running IOS 8.2. I want to experiment with allowing a server on our network to SMTP to our Office 365 exchange service. I have configured the access list on the inside interface to allow our server to telnet out on port 25. Packet-Tracer of the inside interface with our server IP and port 25 to exchange IP and port 25 is successful. However, when I perform a test telnet, it eventually times out and I get a Connect Failed message. Console logging with level 6 only logs the following:

Built outbound TCP connection ####### for outside:<exchange IP>/25 (<exchange IP>/25) to inside:<server IP/<rand port> (<server IP>/rand port)

I have done a tcpdump on the server connected to the outside interface and it sees nothing. I have also temporarily turned off mailguard by issuing the following command:

no fixup protocol smtp 25

However, I have not restarted the ASA. Do I need to restart the ASA for it to take effect?

Edit: I have restarted the ASA 5510 and still the same result as above.

TIA,

Vlad

17 Replies

All fixed now. All of a sudden, logging showed "failed to locate next hop for UDP from NP Identity for 65.XX.XX.138". I added a route for it to go to the ISP gateway and it is working now.

Cheers for the various input on how to diagnose the issue.

Interesting.

So that IP address is not a public IP address, or it is located off a different interface than the outside interface on your ASA?  You had a default route so this is quite odd.

route outside 0.0.0.0 0.0.0.0 10.89.30.1
--
Please remember to select a correct answer and rate helpful posts

I think my default route is wrong. It should be pointing to our ISP gateway.
