01-05-2011 05:38 AM - edited 03-11-2019 12:30 PM
My organization is having issues sending and receiving emails that go through the firewall. Internally, they send and receive fine. I have confirmed we have internet connectivity (obviously, since I am typing this thread... :o) ). The process worked fine up until yesterday morning when I had to reset the firewall because we were unable to access the internet at that time. I have verified the settings on the firewall and my Exchange server and nothing appears to have changed. We are using a NAT translation for the external email address. I have restored a backup of the ASA config to the unit, but the results did not change.
Any suggestions on what to look for at this point?
01-05-2011 06:51 AM
First, if you keep an eye on the logs, you should be able to see anything the ASA drops due to your security policy.
If the ASA config has been restored exactly as it was, it would appear your problem lies elsewhere, but before you can make that conclusion, you must carefully verify the config really is the same as it was when everything was working. I would check again and re-verify that.
If the problem lies elsewhere, an upstream device may be blocking desired traffic. You mentioned having to reboot; perhaps the upstream device was also reset and is mis-configured after being reset.
01-05-2011 06:53 AM
First and foremost you need to watch what the syslogs say.
conf t
logging on
logging buffered 7
exit
sh logg | i x.x.x.x
where x.x.x.x is the e-mail server's IP either private or public.
Try to connect to it via the command line and send a test message from a host on the internet.
Follow this syntax listed here: http://www.yuki-onna.co.uk/email/smtp.html
-KS
01-05-2011 08:22 AM
I tried to use telnet to connect to the mail server, but after it states connecting to mail."servername".org it blinks a cursor then goes back to a command prompt.
I did pull this error from the ASDM syslog:
3 | Jan 05 2011 | 11:07:49 | 710003 | exchange server name | 18002 | firewall ip | 80 | TCP access denied by ACL from exchange servername/18002 to inside:firewall ip/80 |
Other than that, it just shows where the server built a connection then tore down a connection.
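Added example, not part of any post in this thread: a small Python triage of ASDM-exported syslog rows in the pipe-delimited layout quoted above. It separates message 710003 (a TCP connection to the ASA's own interface being refused) from through-traffic denials (106023) and from connection build/teardown events (302013/302014), so it is clear whether the firewall actually denied SMTP. The sample rows, addresses (RFC 5737 placeholders) and the function names are constructed for illustration.

```python
# Added example: triage ASDM-exported syslog rows (pipe-delimited).
# Message IDs: 710003 = TCP denied to the ASA's own interface (to-the-box),
# 106023 = through-traffic denied by an access-group,
# 302013 / 302014 = TCP connection built / torn down.
CATEGORY = {
    "710003": "to_the_box_deny",
    "106023": "through_deny",
    "302013": "built",
    "302014": "teardown",
}

# Constructed sample rows; all addresses are placeholders (RFC 5737).
SAMPLE = """\
3 | Jan 05 2011 | 11:07:49 | 710003 | 192.0.2.10 | 18002 | 192.0.2.1 | 80 | TCP access denied by ACL from 192.0.2.10/18002 to inside:192.0.2.1/80 |
6 | Jan 05 2011 | 11:08:02 | 302013 | 198.51.100.7 | 40211 | 192.0.2.10 | 25 | Built inbound TCP connection 811 for outside:198.51.100.7/40211 (198.51.100.7/40211) to inside:192.0.2.10/25 (203.0.113.10/25) |
6 | Jan 05 2011 | 11:08:32 | 302014 | 198.51.100.7 | 40211 | 192.0.2.10 | 25 | Teardown TCP connection 811 for outside:198.51.100.7/40211 to inside:192.0.2.10/25 duration 0:00:30 bytes 0 SYN Timeout |
"""

def parse_row(line):
    """Split one ASDM row into a dict; return None for malformed lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 9 or not cells[3].isdigit():
        return None
    keys = ("sev", "date", "time", "msg_id", "src", "sport", "dst", "dport", "text")
    return dict(zip(keys, cells))

def triage(text, mail_ip, smtp_port="25"):
    """Count events involving mail_ip and report whether the ASA denied SMTP."""
    counts = {name: 0 for name in CATEGORY.values()}
    smtp_denied = syn_timeouts = 0
    for row in filter(None, map(parse_row, text.splitlines())):
        cat = CATEGORY.get(row["msg_id"])
        if cat is None or mail_ip not in (row["src"], row["dst"]):
            continue
        counts[cat] += 1
        # Only a denial aimed at the SMTP port counts as blocked mail.
        if cat.endswith("deny") and row["dport"] == smtp_port:
            smtp_denied += 1
        # Built, then torn down on SYN Timeout: permitted, but no handshake.
        if cat == "teardown" and "SYN Timeout" in row["text"]:
            syn_timeouts += 1
    return {"counts": counts, "smtp_denied": smtp_denied, "syn_timeouts": syn_timeouts}

if __name__ == "__main__":
    print(triage(SAMPLE, "192.0.2.10"))
```

On the sample, the only denial is the 710003 row aimed at port 80 on the firewall interface, so `smtp_denied` stays at 0 while the SMTP connection is built and then torn down without completing.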
01-05-2011 08:38 AM
What does the translation look like? Can you pls. post that? Where are you testing this from? Test it from a host on the internet - from home maybe.
What code are you running on the ASA?
Is this 8.3 code?
If so you need to use the inside IP address of the ASA on the ACL that you applied on the outside interface.
-KS
01-05-2011 09:04 AM
The more I dive into this the more I feel it is not a firewall issue. I did a tracert to www.google.com off of the exchange server and it is routing to a bogus IP. Another server on the same IP segment did the tracert fine. I will attack the issue from the exchange server side of things from this point.
Thank you all for your help and suggestions!!
01-05-2011 12:16 PM
The issue has been resolved. It turned out to be an ARP table issue at my ISP. Once they cleared the table, the emails were sending and receiving again. Thank you all for your help and suggestions.