12-05-2009 11:13 PM - edited 03-11-2019 09:45 AM
I've tried it all. no inspect esmtp. no policy map. inspect esmtp tls with banner obfuscate off. i'm out of ideas. i always get 220 ******** when telnetting to mail server from outside. tried 8.2.1.11 and 8.0.5. any ideas?
exchange 2010
cable modem -> asa5505 -> sa540 (router mode) -> mail server via static map policy for port 25 on asa5505
internal same subnet and different subnets works fine. works fine across site to site vpn. just get stupid banner when i access from outside.
policy map nat ip address is different than outside interface address. have other policy nats using 443 an 80 and they work fine.
help. thanks.
12-11-2009 09:23 AM
Without ESMTP inspection the ASA should not proxy for SMTP.
Can you do a packet capture in and out https://supportforums.cisco.com/docs/DOC-1222 and see if indeed the ASA proxies and changes these smtp packets?
PK
12-11-2009 11:59 AM
It turns out the servers / pc's was testing from were behind asa's with inspect esmtp turned on. there was nothing wrong with my asa's, for future reference.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide