Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1447
Views
0
Helpful
2
Replies

Users unable to access external email servers ASA even with inspect esmtp removed

powermann
Level 1
Level 1

‎11-25-2011 12:40 PM - edited ‎03-11-2019 02:55 PM

Hi All. I have a issue that i am at a loss as how to slove it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.

I have narrowed it down to the fact that these uses are using  ssl/tls to send the mails. I did some reseach and found out about the inspect esmtp setting in the ASA.  I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.

Of note is that i can send emails without atachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.

I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3. I would really appreciate some insite into solving this problem.

My Firewall config is atached. I am at my witts end as to what elese to try. The company has not renewed support for the device so i am on my own here! I would really appreciate you help.

Marlon

Labels:
117915-FW Config.txt.zip
0 Helpful
2 Replies 2

mirober2
Cisco Employee
Cisco Employee

‎11-30-2011 07:08 AM

Hi Marlon,

Do you see any syslogs in ASDM for this traffic when a connection fails? That will give us more information about why this is failing.

-Mike

0 Helpful

powermann
Level 1
Level 1
In response to mirober2

‎11-30-2011 07:51 AM

Thanks for the response Mirober2

I found a work around for the problem. I  looked at the issue from the end point and found that windows 7 handles tcp windowing diffrently than previous OS's. I still think there is an issue somewhere but i am not sure where esle to look so i will work with this for now.

See note below. Thanks for your help guys.

Disable the auto tuning

Check the state or current setting of TCP Auto-Tuning

1.          Open elevated command prompt with administrator’s privileges.

2.          Type the following command and press Enter:

netsh interface tcp show global

The system will display the following text on screen, where you can check on the Auto-Tuning setting:

Querying active state…

TCP Global Parameters

———————————————-

Receive-Side Scaling State : enabled

Chimney Offload State : enabled

Receive Window Auto-Tuning Level : normal

Add-On Congestion Control Provider : none

ECN Capability : disabled

RFC 1323 Timestamps : disabled

Disable TCP Auto-Tuning

1.          Open elevated command prompt with administrator’s privileges.

2.          Type the following command and press Enter:

netsh interface tcp set global autotuning=disabled

Enable TCP Auto-Tuning

1.          Open elevated command prompt with administrator’s privileges.

2.          Type the following command and press Enter:

netsh interface tcp set global autotuning=normal

http://www.mydigitallife.info/disable-tcp-auto-tuning-to-solve-slow-network-cannot-load-web-page-or-download-email-problems-in-vista/

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card