
Unable to send or receive emails though the ASA5510 firewall

Wayne Thomas
Level 1

My organization is having issues sending and receiving emails that go through the firewall. Internally, they send and receive fine. I have confirmed we have internet connectivity (obviously, since I am typing this thread... :o) ). The process worked fine up until yesterday morning, when I had to reset the firewall because we were unable to access the internet at that time. I have verified the settings on the firewall and my Exchange server and nothing appears to have changed. We are using a NAT translation for the external email address. I have restored a backup of the ASA config to the unit, but the results did not change.

Any suggestions on what to look for at this point?


lcaruso
Level 6

First, if you keep an eye on the logs, you should be able to see anything the ASA drops due to your security policy.

If the ASA config has been restored exactly as it was, it would appear your problem lies elsewhere, but before you can make that conclusion, you must carefully verify the config really is the same as it was when everything was working. I would check again and re-verify that.

If the problem lies elsewhere, an upstream device may be blocking desired traffic. You mentioned having to reboot; perhaps the upstream device was also reset and is mis-configured after being reset.

Kureli Sankar
Cisco Employee

First and foremost you need to watch what the syslogs say.

conf t
logging on
logging buffered 7
exit
sh logg | i x.x.x.x

where x.x.x.x is the e-mail server's IP either private or public.

Try to connect to it via the command line and send a test message from a host on the internet.

Follow this syntax listed here: http://www.yuki-onna.co.uk/email/smtp.html

-KS

I tried to use telnet to connect to the mail server, but after it states connecting to mail."servername".org it blinks a cursor, then goes back to a command prompt.

I did pull this error from the ASDM syslog

3 | Jan 05 2011 | 11:07:49 | 710003 | exchange server name | 18002 | firewall ip | 80 | TCP access denied by ACL from exchange servername/18002 to inside:firewall ip/80


Other than that, it just shows where the server built a connection then tore down a connection.
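
Added example, not part of the thread: a small Python triage of buffered ASA syslog output for one mail server, summarising why its SMTP connections were torn down and listing any 710003 denies that involve it. The sample log lines, the addresses (documentation ranges) and the `triage` function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in ASA syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jan 05 2011 11:07:40: %ASA-6-302013: Built inbound TCP connection 4101 for outside:198.51.100.7/40112 (198.51.100.7/40112) to inside:192.0.2.10/25 (203.0.113.10/25)
Jan 05 2011 11:07:49: %ASA-3-710003: TCP access denied by ACL from 192.0.2.10/18002 to inside:192.0.2.1/80
Jan 05 2011 11:08:10: %ASA-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/40112 to inside:192.0.2.10/25 duration 0:00:30 bytes 0 SYN Timeout
Jan 05 2011 11:08:15: %ASA-6-302013: Built outbound TCP connection 4102 for outside:198.51.100.9/80 (198.51.100.9/80) to inside:192.0.2.20/51000 (203.0.113.20/51000)
Jan 05 2011 11:08:20: %ASA-6-302014: Teardown TCP connection 4102 for outside:198.51.100.9/80 to inside:192.0.2.20/51000 duration 0:00:05 bytes 5120 TCP FINs
"""

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<conn>\d+) for \S+:(?P<src>\S+)/(?P<sport>\d+)"
    r" to \S+:(?P<dst>\S+)/(?P<dport>\d+) duration \S+ bytes (?P<bytes>\d+) (?P<reason>.+)")
DENY = re.compile(
    r"(?:TCP|UDP) access denied by ACL from (?P<src>\S+)/(?P<sport>\d+)"
    r" to \S+:(?P<dst>\S+)/(?P<dport>\d+)")


def triage(log, server_ip, port=25):
    """Summarise SMTP teardowns and to-the-box denies involving server_ip."""
    reasons, stalled, denies = Counter(), [], []
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg_id, text = m.groups()
        if msg_id == "302014":
            t = TEARDOWN.match(text)
            # Inbound mail has the server on port 25; outbound has the remote on 25.
            if t and t["dst"] == server_ip and str(port) in (t["sport"], t["dport"]):
                reasons[t["reason"]] += 1
                if t["bytes"] == "0":  # handshake or session never carried data
                    stalled.append(t["conn"])
        elif msg_id == "710003":
            # 710003 is traffic addressed to the ASA itself, not traffic through it.
            d = DENY.match(text)
            if d and server_ip in (d["src"], d["dst"]):
                denies.append((d["src"], d["dst"], int(d["dport"])))
    return {"reasons": dict(reasons), "stalled": stalled, "to_box_denies": denies}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "192.0.2.10"))
```

Zero-byte teardowns with a reason such as `SYN Timeout` mean the ASA built the connection but the far end never answered, which points away from the firewall policy.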

What does the translation look like? Can you please post that? Where are you testing this from? Test it from a host on the internet, from home maybe.

What code are you running on the ASA?

Is this 8.3 code?

If so you need to use the inside IP address of the ASA on the ACL that you applied on the outside interface.

-KS

The more I dive into this the more I feel it is not a firewall issue. I did a tracert to www.google.com off of the exchange server and it is routing to a bogus IP. Another server on the same IP segment did the tracert fine. I will attack the issue from the exchange server side of things from this point.

Thank you all for your help and suggestions!!

The issue has been resolved. It turned out to be an ARP table issue at my ISP. Once they cleared the table, the emails were sending and receiving again. Thank you all for your help and suggestions.
