Cisco ASA 5520 SMTP to hotmail, msn, live or outlook.com

AQUALUNGAMERICA · ‎01-02-2014

I currently have an ASA5520 running 8.4.5 IOS software. We have an Exchange 2003 SP2 system and since we have installed the ASA 5520 we have noticed issues with sending email to @hotmail.com, @msn.com, @live.com, and @outlook.com. We cannot send email to the Microsoft proprietary emails. The rest of our emails are sending but a much slower email speed than we had with our previous firewall. I have been reading that ASA firewall has issues with sending email and that the ESMTP protocol inspection may be the culprit. Has anyone else come across a similar situation. I am not a big fan of turnning off protocol inspections. Would it be best to upgrade to a version 9 of the IOS to resolve any further issues?

Any suggestions would be greatly appreciated.

Carlos

lcambron · ‎01-02-2014

Hello Carlos,

I dont think an upgrade will help, since the inspection is looking for non-RFC traffic and if the problem is that the ASA is seeing unsupported commands for SMTP, the same will happen on a different version.

Have you turned off the inspection to comfirm this is the problem?

You can tuned the inspection to allow the emails if you can find what the problem is:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_basic.html#wp1224614

Enabling log for smtp might help to find the problem:

Ex:

policy-map type inspect esmtp advanced_esmtp_map

log

policy-map outside_policy

class inspection_default

inspect esmtp advanced_esmtp_map

service-policy outside_policy interface outside

Regards,

Felipe.

Remember to rate useful posts.