SMTP logging filter in Cisco ASDM

Hi,

I have a Cisco 5510. I am using Symantec Message Labs cloud for filtering emails for SPAM. Once they are filtered, they are then sent to my ASA firewall. Apparently there are some emails after being filtered that are being forwarded to my firewall but I do not receive these emails. I would like to know how to see the incoming smtp traffic on port 25 to my firewall and furthermore is it possible to see why the smtp connection drops. Is it possible to configure/setup this through asdm as I am familiar with ASDM 8.2.

Any help on this please.

thanks.


Julio Carvajal
VIP Alumni

Hello,

Well, it can definitely be done via ASDM, but I do not have one to show you step by step where to go, so CLI is our friend here.

Basically create a Capture

cap test interface name_if (where traffic arrives) match tcp host x.x.x.x host y.y.y.y eq 25

cap test_2 interface name_if (where traffic leaves to the server) match tcp host x.x.x.x host y.y.y.y eq 25

cap asp type asp-drop all circular-buffer

 

So after you build that up, generate a connection and afterwards check all of the captures

show cap test

show cap test_2

show cap asp | include y.y.y.y

 

Of course x.x.x.x is the Symantec Mail Filter and y.y.y.y the SMTP server (Note that if the traffic is received on an interface where there is NAT for the server, then use the public IP address on that interface).

If you see a packet for the session on the ASP capture it means the FW is dropping the session.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
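
The three-capture comparison described in the answer above can be scripted once the `show cap` output is saved as text. This is an added example, not part of the original posts or Cisco's tooling: the line format is assumed to be the tcpdump-style output `show capture` prints, the addresses and sample lines are constructed, and it assumes the sender's source IP and port are not translated by the firewall.

```python
import re

# Packet line as printed by "show capture" (tcpdump-like; format assumed here):
#   N: hh:mm:ss.usec src.sport > dst.dport: flags ... [Drop-reason: (name) text]
PKT = re.compile(r"^\s*\d+:\s+\S+\s+(\d+(?:\.\d+){3})\.(\d+)\s+>\s+"
                 r"(\d+(?:\.\d+){3})\.(\d+):\s+(.*)$")
DROP = re.compile(r"Drop-reason:\s+\(([^)]+)\)")

def flows(text, servers, port=25):
    """Return {(client_ip, client_port): [rest_of_line, ...]} for packets to servers:port."""
    out = {}
    for line in text.splitlines():
        m = PKT.match(line)
        if m and m.group(3) in servers and int(m.group(4)) == port:
            out.setdefault((m.group(1), int(m.group(2))), []).append(m.group(5))
    return out

def triage(ingress, egress, asp, public_ip, real_ip):
    """Classify every client flow seen arriving, keyed by (client_ip, client_port)."""
    arrived = flows(ingress, {public_ip})        # "show cap test"
    left = flows(egress, {real_ip})              # "show cap test_2"
    dropped = flows(asp, {public_ip, real_ip})   # "show cap asp"
    verdict = {}
    for key in arrived:
        reasons = sorted({m.group(1) for rest in dropped.get(key, [])
                          for m in [DROP.search(rest)] if m})
        if reasons:
            verdict[key] = "dropped by ASA: " + ", ".join(reasons)
        elif key in left:
            verdict[key] = "forwarded by ASA"
        else:
            verdict[key] = "not seen leaving, no asp-drop entry"
    return verdict

# Constructed sample output (documentation addresses, not taken from the thread).
INGRESS = """\
   1: 10:15:01.100000 192.0.2.10.40001 > 203.0.113.25.25: S 100:100(0) win 8192
   2: 10:15:02.200000 192.0.2.10.40002 > 203.0.113.25.25: S 200:200(0) win 8192
   3: 10:15:03.300000 192.0.2.10.40003 > 203.0.113.25.25: S 300:300(0) win 8192
"""
EGRESS = """\
   1: 10:15:01.100100 192.0.2.10.40001 > 10.0.0.25.25: S 100:100(0) win 8192
"""
ASP = """\
   1: 10:15:02.200050 192.0.2.10.40002 > 203.0.113.25.25: S 200:200(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
"""

if __name__ == "__main__":
    for flow, v in triage(INGRESS, EGRESS, ASP, "203.0.113.25", "10.0.0.25").items():
        print(flow, "->", v)
```

A flow reported as "not seen leaving, no asp-drop entry" can mean the circular asp-drop buffer has already wrapped, so rerun the test with fresh captures before drawing a conclusion.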

Hi Julio,

 

I thank you very much for your answer. I used your answer to search the internet for packet capture through ASDM, and I found some helpful answers. 

I finally used the packet capture wizard from ASDM and saved the packet capture and then inspected the capture through Wireshark. 

Wireshark showed me that my ASA correctly accepted all the smtp packets and let in the email. It was dropped elsewhere in the network.

thanks,
