08-30-2007 05:35 AM - edited 03-11-2019 04:04 AM
Hi, I have recently purchased an ASA 5505 v7.2(2), and have been unable to send SMTP through it. The effect of the problem seems similar to other postings I've read, where disabling fixup/inspect esmtp resolves the problem. I've done this, but to no avail. When sending mail (using NAT) the ASA appears to hijack the session, and firstly block the SMTP banner, before issuing 'quit'.
e.g.
Fri 2007-07-27 10:44:24: Waiting for protocol to start...
Fri 2007-07-27 10:44:24: <-- 220-*********************************************************************
Fri 2007-07-27 10:44:24: <-- *****************************************************************
Fri 2007-07-27 10:44:24: --> QUIT
If I telnet to port 25 through the ASA and issue the SMTP commands myself, it seems to work fine even though the banner is blanked out by stars (so I'm not sure if this points to the problem being something else). However, I do occasionally get 'I don't understand that?' answers from our SMTP server, when I know I've issued the correct command.
I have raised this with the re-seller, however they have advised that it is a hardware problem, and that we should replace the ASA. I don't believe that this is the case. Has anybody experienced similar problems, or is able to offer any advice?
Many thanks.
Richard
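A small check for the symptom described in the post above, as an added example that is not part of the original thread: it scans a mail-server log in the quoted format for sessions whose 220 greeting arrives as asterisks and whose first client command is QUIT. The log sample is constructed, the function names are hypothetical, and the assumption that every session begins with a "Waiting for protocol to start..." line is inferred from the excerpt.

```python
import re

# Constructed sample in the log format quoted in the post (not the poster's real log).
SAMPLE_LOG = """\
Fri 2007-07-27 10:44:24: Waiting for protocol to start...
Fri 2007-07-27 10:44:24: <-- 220-**********************************
Fri 2007-07-27 10:44:24: <-- ******************************
Fri 2007-07-27 10:44:24: --> QUIT
Fri 2007-07-27 10:51:02: Waiting for protocol to start...
Fri 2007-07-27 10:51:02: <-- 220 mail.example.test ESMTP ready
Fri 2007-07-27 10:51:03: --> EHLO client.example.test
"""

# day-of-week, timestamp, optional direction arrow, then the SMTP text
LINE = re.compile(r"^\w{3} (\S+ \S+): (?:(<--|-->) )?(.*)$")

def split_sessions(log):
    """Group lines into sessions (assumption: each starts with 'Waiting for protocol')."""
    sessions = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, direction, text = m.groups()
        if direction is None and text.startswith("Waiting for protocol"):
            sessions.append({"start": ts, "events": []})
        elif direction and sessions:
            sessions[-1]["events"].append((direction, text))
    return sessions

def is_masked(line):
    """True when a greeting line, minus its reply code, is almost entirely asterisks."""
    body = re.sub(r"^\d{3}[- ]", "", line).strip()
    return len(body) >= 8 and body.count("*") / len(body) > 0.9

def classify(session):
    """Label a session by its greeting lines and the first command the client sent."""
    greeting, first_cmd = [], None
    for direction, text in session["events"]:
        if direction == "-->":
            first_cmd = (text.split() or [""])[0].upper()
            break
        greeting.append(text)
    masked = bool(greeting) and all(is_masked(g) for g in greeting)
    if masked and first_cmd == "QUIT":
        return "masked-banner-then-quit"
    return "masked-banner" if masked else "ok"

def scan(log):
    return [(s["start"], classify(s)) for s in split_sessions(log)]
```

Running `scan()` over the mail server's log before and after a firewall configuration change shows whether the greeting is still being rewritten in transit.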
09-01-2007 12:35 AM
We have the same version running but do not have any issues.
Does your PAT server IP have a reverse lookup DNS record?
09-03-2007 03:21 AM
Hi, Thanks for the reply.
Yes, I'm PAT'ing
Outside/25 (194.221.215.98) -- 172.20.254.1/25
I'm using addresses within virtualsupplychain.com. There is a reverse pointer on 194.221.21.98 pointing to this domain.
09-01-2007 05:55 AM
Hi Richard,
You can use the following command:
no fixup protocol smtp 25
If this does not work you can try it with the ASDM -> Configuration -> Security policy -> Security policy rule -> edit the Global, Policy. Rule actions -> clear ESMTP.
That should do it.
09-03-2007 03:23 AM
Hi,
I've used :
no fixup protocol smtp 25
and
no inspect protocol smtp 25
but this doesn't seem to have affected the problem. I'm going to post a show config in this thread, which might be of interest.
Thanks for your help
Richard
09-01-2007 07:26 AM
1. Can you post your configuration of the ASA on here?
2. Can you try to telnet to your Mail server from the outside and post your responses?
Make sure you protect your passwords and other critical information.
09-03-2007 03:39 AM
Hi Bob,
Thanks for the reply. I've attached a show config as well as a test smtp session. These sometimes work fine, and sometimes connectivity appears to be lost as in the case attached.
The last response logged on the mail server was 'sender ok'. The mail server appears to have not received the rest of the session data.
Thanks,
Richard
09-03-2007 07:50 AM
Is the problem affecting both inbound and outbound traffic?
To me it looks like some kind of hardware problem. You can check the logfile on the ASA and interface error counters for clues. Verify host and ASA switchport configurations and statistics.