09-04-2011 07:07 PM - edited 03-11-2019 02:20 PM
We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?
TJ
09-05-2011 07:13 PM
Hi,
Can you take some captures to see the connection from your AIP to your SMTP server? That would give us a clue of what is going on...
Mike..
09-06-2011 05:57 PM
Mike,
Can you be more specific on how to run the captures and what specific traffic I should be capturing?
TJ
09-06-2011 06:32 PM
Sure,
What I need you to capture is the SMTP packets that the sensor will send to the SMTP server when it tries to send a notification.
Depending on the location of the SMTP server, I will need you to put a capture on the ingress interface as well as on the outgoing interface for this matter.
For example, if your module has an IP on the same range as the inside network, and the SMTP server is on the outside, I will need you to apply a capture (both ways: server to AIP, AIP to server) on the inside as well as on the outside on port 25 on the ASA.
This capture should have (on the inside) the IP address of the management port of the IPS and on the outside, the translated IP.
Here is how you can take captures:
https://supportforums.cisco.com/docs/DOC-1222
Mike
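The captures described in the reply above, written out as ASA CLI. This is an added example, not part of the original thread. The interface names `inside` and `outside`, the capture names, and all three addresses are constructed placeholders; substitute the sensor's management IP, its translated IP, and the SMTP server's IP.

```text
! Constructed placeholder addresses (documentation ranges):
!   192.0.2.10    = IPS management IP as seen on the inside
!   203.0.113.10  = translated IP of the IPS as seen on the outside
!   198.51.100.25 = SMTP server

! "match" captures both directions of the flow, so one line per interface is enough.
capture CAP_IN  interface inside  match tcp host 192.0.2.10   host 198.51.100.25 eq 25
capture CAP_OUT interface outside match tcp host 203.0.113.10 host 198.51.100.25 eq 25

! Send the test email from the sensor, then compare the two captures.
show capture CAP_IN
show capture CAP_OUT

! Reading the result:
!   SYN in CAP_IN but nothing in CAP_OUT    -> the ASA is dropping or not translating the flow
!   SYN in both captures, no SYN-ACK back   -> the server or something past the ASA is not answering
!   SYN, then RST from the server           -> port 25 is reachable but the connection is refused
!   Nothing in CAP_IN at all                -> the sensor's traffic is not arriving on this interface

! Remove the captures when finished.
no capture CAP_IN
no capture CAP_OUT
```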
06-15-2016 03:44 PM
Check for any Antivirus in the local system where the IME is running. In my case I had the antivirus blocking the port 25.