Re: Outbound email issue with ESMTP inspection disabled

deyster94 · ‎01-15-2013

I have a client that is running an ASA5512-X. When I initially installed it, they were having issues sending out emails. I disabled ESMTP inspection and thought it resolved the issue. Recently, they upgraded to Exchange 2010 and are still having an issue with some emails getting hung up in the queue. If I watch the ASA when they try to telnet to the external mail servers that do not work, they get a SYN timeout.

I am not sure why this would happen since ESMTP is disabled. They are running 8.6(1) on the ASA.

TIA,

Dan

Julio Carvajal · ‎01-16-2013

Hello Deyster,

Next step would be to take captures on the ASA to analize why this is not working.

Captures an logs my friend

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

david.tran · ‎01-16-2013

you need to ask yourself this question: do I need to run version 8.6(1). If you downgrade to a lower version, will that work?

IMHO, it is much easier to downgrade to another version and see it if it works instead of troubleshooting this. Let Cisco TAC figure this out themselves.

For the record, I use Exchange2010 with Pix 515E with version 8.0.4 and it works without any issues.

deyster94 · ‎01-16-2013

This is an ASA5512-X and 8.6(1) is the first version out for this model. Unfortunately, I cannot downgrade this ASA.

david.tran · ‎01-16-2013

If you have issue with ESTMP, then it is also likely that you will have issue with sqlnet as well . In other words, you're at the mercy of Cisco to come up with a fix

deyster94 · ‎01-16-2013

I did a packet capture and it really didn't show me much other than the connection fails with a TCP SYN Timeout. What I don't get is why does this only happen with some mail servers.

Edit: I noticed I was looking at the wrong IP address for the packet captures. Going to do some more to see what I can find.