Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4346
Views
5
Helpful
1
Replies

Allowing SMTP traffic for Office 365

cwhall001
Level 1
Level 1

‎04-19-2017 03:54 AM - edited ‎03-12-2019 02:14 AM

Hi

I have an issue with Allowing traffic to Office 365 through our Cisco ASA 5525-X firewall using O365 FQDNs. We have an internal vlan that needs to use O365 for emails. 

I have allowed traffic on the following ports but the traffic is being blocked- 

Incoming Mail (IMAP) Server: outlook.office365.com 993
Incoming Mail (POP) Server: outlook.office365.com 995
Outgoing Mail (SMTP) Server: smtp.office365.com 587

The ACL entry is:

access-list VLAN153_access_in line 28 extended permit object-group SVC_GROUP_SMTP 10.40.153.0 255.255.255.0 object outlook.office365.com log 6 interval 300

If I instead allow traffic on these ports to any ip4 destination the traffic is allowed:

access-list VLAN153_access_in line 28 extended permit object-group SVC_GROUP_SMTP 10.40.153.0 255.255.255.0 any4 log 6 interval 300

I've monitored the traffic and the end point IP address for the O365 addresses is resolving to the same IP addresses with both rules and is using the ports I mention above. For some reason the traffic is being dropped when I specify the fqdn in the ACL. 

Any help will be greatly appreciated :)

Thanks

Chris 



5 people had this problem
Labels:
0 Helpful
1 Reply 1

knaik
Level 1
Level 1

‎10-01-2020 03:03 AM

I am facing the same issue with ASA 5515 version 9.6(4)41. 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card