Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1177
Views
0
Helpful
0
Replies

I can receive but can not send mail from my mail server to mail Google

TanLeNhat74925
Level 1
Level 1

‎11-04-2019 11:24 PM

I'm using ASA cisco 5520 with ASA version 8.0 and ASDM 7.1. My network only set DMZ and outside.

DMZ: 172.16.77.1 and Mail server: 172.16.77.100.

Outside (PPPOE): IP public get from ISP (and I have 1 IP static: X.X.X.27).

I'm browsing a lot of pages on the internet and most of them said remove estmp but it didn't work I (removed inspect estmp).

I configue on ASDM and the output CML from ASDM below:

: Saved
:
ASA Version 8.0(2) 
!
hostname FW-ASA5520
domain-name X.X.X.25
enable password KgwHsoJDrVdTCwX. encrypted
names
name 8.8.8.8 DNS-goole
name 192.168.1.2 BKpacs
name X.X.X.27 IP-Public3
name 172.16.77.100 MailWeb description Mail Web
dns-guard
!
interface GigabitEthernet0/0
 description WAN interface
 nameif Outside
 security-level 0
 pppoe client vpdn group cty-uv
 ip address pppoe 
!
interface GigabitEthernet0/1
 description Connect to Web/Internet Server
 nameif admin
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 0
 ip address 172.16.77.1 255.255.255.0 
!
interface GigabitEthernet0/3
 nameif User
 security-level 100
 ip address 192.168.6.1 255.255.255.0 
!
interface Management0/0
 nameif Mana
 security-level 100
 ip address 10.0.0.1 255.255.255.0 
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone ICT 7
dns domain-lookup Outside
dns domain-lookup admin
dns domain-lookup DMZ
dns domain-lookup User
dns server-group DefaultDNS
 name-server 208.67.222.222
 name-server 156.154.70.1
 name-server DNS-goole
 name-server 199.85.126.30
 name-server 8.8.4.4
 name-server 46.151.208.154
 domain-name 113.161.118.25
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service dns tcp-udp
 description domain name service
 port-object eq domain
object-group service outside_services tcp-udp
 description services alowed form outside
 port-object eq domain
 port-object eq echo
 port-object eq www
object-group service sqlnet_backup tcp
 port-object eq 1522
object-group service RDP tcp
 port-object eq 3389
object-group service Shared_file
 service-object tcp eq domain 
 service-object tcp eq netbios-ssn 
 service-object udp eq domain 
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service VPN tcp-udp
 port-object eq 1194
object-group service Oracle_Naming tcp
 port-object eq 2030
object-group service AGI tcp-udp
 port-object eq 5038
object-group service PACS tcp
 port-object eq 18080
 port-object eq 1982
 port-object eq 5432
 port-object eq 9090
object-group service Video_Conf tcp
 port-object eq 1935
 port-object eq 88
 port-object eq 9123
 port-object eq www
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_2
 service-object tcp-udp eq www 
 service-object tcp eq https 
object-group service toto tcp
 port-object eq 8080
object-group service DM_INLINE_SERVICE_4
 service-object tcp-udp eq www 
 service-object tcp eq https 
object-group service DM_INLINE_SERVICE_5
 service-object tcp-udp eq www 
 service-object tcp eq https 
object-group service DM_INLINE_SERVICE_6
 service-object tcp-udp eq www 
 service-object tcp eq https 
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_3 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_4 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_5 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_6 tcp
 group-object outside_services
 port-object eq https
object-group service Efilm tcp-udp
 description Efilm
 port-object eq 6004
object-group service internet
 service-object icmp 
 service-object udp 
 service-object icmp6 
 service-object tcp 
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object udp
 protocol-object tcp
object-group service BKpacs
 service-object tcp-udp eq domain 
 service-object tcp-udp eq www 
 service-object tcp eq ftp 
 service-object tcp eq ftp-data 
 service-object tcp eq https 
 service-object tcp eq ssh 
 service-object tcp eq 6002 
 service-object icmp 
object-group service H323_Group
 service-object tcp range 3230 3243 
 service-object tcp eq h323 
 service-object udp range 3230 3285 
object-group service PMSoft tcp
 port-object eq 81
object-group service Mail_port tcp
 port-object eq 465
 port-object eq 993
 port-object eq 995
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
object-group service DM_INLINE_TCP_7 tcp
 port-object eq www
 port-object eq https
 port-object eq pop3
 port-object eq smtp
object-group service Team_viewer tcp
 port-object eq 5938
object-group service Trienkhai_port tcp
 port-object eq 1194
 port-object eq 16002
 port-object eq 8080
 port-object eq 8088
 port-object eq 9443
object-group service BVGD_mana_Vigor tcp
 port-object eq 6443
object-group service ASA_mana_port tcp
 port-object eq 7443
object-group network MW_Internal
object-group network MailWeb
object-group network tan
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_5
 protocol-object ip
 protocol-object icmp
object-group network DMZ-network
object-group network DMZ-network1
object-group network obj_name
object-group service DM_INLINE_TCP_14 tcp
 group-object Mail_port
 port-object eq 3389
 port-object eq 8005
 port-object eq 8009
 port-object eq 8080
 port-object eq 8090
 port-object eq 81
 port-object eq www
 port-object eq https
access-list DMZ_access_in extended permit ip any any 
access-list Outside_access_in extended permit tcp any host IP-Public3 object-group DM_INLINE_TCP_14 
access-list User_access_in extended permit object-group DM_INLINE_PROTOCOL_3 host 192.168.6.3 any 
access-list admin_access_in extended permit object-group DM_INLINE_PROTOCOL_5 any any 
pager lines 24
logging enable
logging timestamp
logging list Alert-admin-by-mail level alerts
logging list Alert-admin-by-mail message 101003
logging list Alert-admin-by-mail message 101005
logging list Alert-admin-by-mail message 101004
logging list Alert-admin-by-mail message 101001
logging list Alert-admin-by-mail message 101002
logging console warnings
logging history alerts
logging asdm informational
logging mail Alert-admin-by-mail
logging from-address thinh.hd@inext.vn
logging recipient-address hoducthinh1994@gmail.com level warnings
logging class auth history alerts mail alerts 
mtu Outside 1500
mtu admin 1500
mtu DMZ 1500
mtu User 1500
mtu Mana 1500
ip verify reverse-path interface Outside
ip verify reverse-path interface admin
ip verify reverse-path interface DMZ
ip verify reverse-path interface User
ip verify reverse-path interface Mana
ipv6 enforce-eui64 admin
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
nat-control
global (Outside) 1 interface
nat (DMZ) 1 172.16.77.0 255.255.255.0 dns
nat (User) 1 192.168.6.0 255.255.255.0 dns
static (DMZ,Outside) IP-Public4 Hapi netmask 255.255.255.255 dns 
access-group Outside_access_in in interface Outside
access-group admin_access_in in interface admin
access-group DMZ_access_in in interface DMZ
access-group User_access_in in interface User
route Outside 0.0.0.0 0.0.0.0 14.169.128.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication serial console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication telnet console LOCAL 
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 
aaa authorization command LOCAL 
aaa authorization exec authentication-server
http server enable
http 172.16.77.0 255.255.255.0 admin
http 192.168.6.0 255.255.255.0 User
http 192.168.141.0 255.255.255.240 DMZ
http 10.0.0.0 255.255.255.252 Mana
snmp-server host Outside 192.168.0.100 community public
snmp-server host Outside 192.168.100.1 community public
snmp-server host Outside 192.168.100.11 community public
snmp-server location quan 10, Ho Chi Minh
snmp-server contact Firewall 5520-0000
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps remote-access session-threshold-exceeded
sysopt connection tcpmss 0
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map inext_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inext_map interface DMZ
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface Outside
crypto map Web_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Web_map interface admin
crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Inside_map interface User
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=FIREWALL.CISCOPRESS.CCNP
 keypair Hcmutinext
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment url http://certserver.ciscopress.ccnp:80
 subject-name CN=FW-ASA5520
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate 31
    30820212 3082017b a0030201 02020131 300d0609 2a864886 f70d0101 04050030 
    4f312130 1f060355 04031318 46495245 57414c4c 2e434953 434f5052 4553532e 
    43434e50 312a3028 06092a86 4886f70d 01090216 1b46572d 41534135 3532302e 
    66773535 32302e64 6f6d6169 6e2e766e 301e170d 31373031 31383032 32313530 
    5a170d32 37303131 36303232 3135305a 304f3121 301f0603 55040313 18464952 
    4557414c 4c2e4349 53434f50 52455353 2e43434e 50312a30 2806092a 864886f7 
    0d010902 161b4657 2d415341 35353230 2e667735 3532302e 646f6d61 696e2e76 
    6e30819f 300d0609 2a864886 f70d0101 01050003 818d0030 81890281 8100945e 
    f4fa57a6 c60550d9 607735b7 fd828266 91e41d19 448704d5 ecfdcaf7 7e1019e8 
    c7e4bec2 fb262390 d966bfcb d686c1cb 7bc7d823 e183c291 667c226f aa4541a4 
    0bf7ef4f 375b66d5 659a6f3e aabe65da bf9fb16c 33fb1896 b0c34989 ec947ab6 
    18f45836 bdecd94d c36fee21 0fff200c 3492749c 4ff3a73b 8ed6d95e 9a5b0203 
    01000130 0d06092a 864886f7 0d010104 05000381 81002008 7bc86728 a5d1a698 
    4fd29bfb 82c50285 36b5e421 21c0ea23 6c473df9 001165cb c2183418 45e1c29a 
    d17ddce5 f50ecfd1 608bd7ac baa225cc 53224911 5137d3a5 d7893448 7bd7a991 
    d7fcb171 ac3327c1 02c16ed3 7852bb25 0537a3dd 480dd417 a0f1254a 7b18a82f 
    9f7f6d5c ae82819e abf22072 4b723d2a 443f385d 193b
  quit
crypto isakmp policy 2
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet timeout 5
ssh 172.16.77.0 255.255.255.0 admin
ssh 192.168.1.0 255.255.255.0 admin
ssh timeout 15
ssh version 2
console timeout 0
management-access admin
vpdn group cty-uv request dialout pppoe
vpdn group cty-uv localname cty-uv
vpdn group cty-uv ppp authentication pap
vpdn username cty-uv password ********* 
dhcp-client broadcast-flag
dhcp-client update dns server both
dhcpd dns 208.67.222.222 DNS-goole
dhcpd lease 300
dhcpd domain 192.168.100.253
dhcpd update dns both override 
dhcpd option 6 ip 156.154.70.1 8.8.4.4
!
dhcpd dns 208.67.222.222 DNS-goole interface admin
dhcpd update dns both override interface admin
!
dhcpd dns 203.162.4.191 DNS-goole interface DMZ
dhcpd update dns both override interface DMZ
!
dhcpd address 192.168.6.2-192.168.6.3 User
dhcpd dns 208.67.222.222 8.8.4.4 interface User
dhcpd update dns both override interface User
dhcpd enable User
!
dhcpd address 10.0.0.2-10.0.0.3 Mana
!
vpn load-balancing 
 interface lbprivate admin
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
!
class-map global-class
 match default-inspection-traffic
!
!
policy-map BKpacs
policy-map global-policy
 description global-policy
 class global-class
  inspect ctiqbe 
  inspect dns 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect sip  
  inspect skinny  
  inspect snmp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect xdmcp 
  inspect icmp 
policy-map type inspect im IM_User
 parameters
 match not service chat conference file-transfer games voice-chat webcam 
  drop-connection log
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
!
service-policy global-policy global
ssl encryption aes256-sha1 aes128-sha1 rc4-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint0 Outside
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
username pacscloud password W2qS.iPbqt55yuyy encrypted privilege 15
username ncngoc password E0Nw3B9XJD3Nrx1z encrypted privilege 15
privilege cmd level 3 mode exec command perfmon
privilege cmd level 5 mode exec command dir
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege cmd level 5 mode exec command export
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context 
Cryptochecksum:61d0cd37afcdb9d982d69fe8bd5f1268
: end
asdm image disk0:/asdm-713.bin
asdm location DNS-goole 255.255.255.255 User
asdm location BKpacs 255.255.255.255 admin
asdm location Forum 255.255.255.255 Mana
asdm location internetgate 255.255.255.255 DMZ
asdm location Turn 255.255.255.255 Mana
asdm location SMS 255.255.255.255 Mana
asdm location WAN1 255.255.255.255 Mana
asdm location Hapi 255.255.255.255 Mana
asdm location Pacs 255.255.255.255 Mana
asdm location MailWeb 255.255.255.255 Mana
asdm location VideoNew 255.255.255.255 Mana
no asdm history enable

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card