05-30-2011 10:17 AM - edited 03-11-2019 01:40 PM
Hi,
My ZBF is dropping some SMTP packets, and allowing others...even though they're allowed.
My ZBF (SMTP) configuration:
class-map type inspect match-all c_servidoressmtp
description Class Map allowing SMTP Access
match access-group name ACL_SMTP
match protocol smtp
policy-map type inspect p_EXTtoSRV
class type inspect c_servidoressmtp
inspect
ip access-list extended ACL_SMTP
remark ACL SMTP SERVERS
permit ip any host 200.19.105.193
Log's:
May 30 13:59:18 udesc-servidores/udesc-servidores 2809973: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:46013 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809974: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:61800 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809976: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 46 tcp packets were dropped from 74.125.82.45:44331 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809980: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 4 tcp packets were dropped from 201.23.81.230:44768 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
May 30 13:59:18 udesc-servidores/udesc-servidores 2809989: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 1 tcp packet were dropped from 209.85.213.185:38750 => 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)
#sh policy-map type inspect zone-pair zp_EXTtoSRV
Class-map: c_servidoressmtp (match-all)
Match: access-group name ACL_SMTP
Match: protocol smtp
Inspect
Packet inspection statistics [process switch:fast switch]
tcp packets: [111655:55981644]
Session creations since subsystem startup or last reset 1142351
Current session counts (estab/half-open/terminating) [20:0:0]
Maxever session counts (estab/half-open/terminating) [181:52:50]
Last session created 00:00:04
Last statistic reset never
Last session creation rate 28
Maxever session creation rate 610
Last half-open session total 0
TCP reassembly statistics
received 0 packets out-of-order; dropped 0
peak memory usage 0 KB; current usage: 0 KB
peak queue length 0
Anyone have any idea?
Thanks,
Fernando
06-14-2011 12:16 PM
The public smtp server might be using ESMTP rather than SMTP. If so, use "match protocol smtp extended" instead. If that's not it, you might want to open a TAC case to investigate further.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide