Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
233
Views
0
Helpful
2
Replies

Is there a way to change the source interface for email alerts created by the ASA?

Go to solution
Sheraz_35
Level 1
Level 1

‎01-11-2016 07:14 AM

Hi,

We have configured our ASA to send email alerts for events such as login's, it works fine between our ASA and the email server that is reached through the "inside" interface,  however we tried to configure it for another ASA at a remote site that is connected via a site to site VPN, the problem is when the remote ASA tries to send an email to our email server it uses the source IP of the outside interface we need it to use the source IP of the inside interface so that it gets sent over the VPN. Is there a way to configure this?

At the moment when the ASA tries to email our email server it uses the source IP of Outside interface  because it see's this interface as the exit interface as a result the email's do not get sent over the VPN. 

Thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-11-2016 05:48 PM

If the remote email server is only reachable over site-site VPN, I don't believe you can setup the ASA to originate traffic to it from an interface other than the one with a route to the remote server. And it will only encrypt into the VPN tunnel packets that arrive on the interface where the crypto map is applied (i.e. inside interface).

You could proxy the mail or setup a forwarding rule on your local email server.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎01-11-2016 08:26 AM

Could you post what you have in the config of the remote ASA for sending the Email? Also post the output of show ip.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-11-2016 05:48 PM

If the remote email server is only reachable over site-site VPN, I don't believe you can setup the ASA to originate traffic to it from an interface other than the one with a route to the remote server. And it will only encrypt into the VPN tunnel packets that arrive on the interface where the crypto map is applied (i.e. inside interface).

You could proxy the mail or setup a forwarding rule on your local email server.

0 Helpful
Customers Also Viewed These Support Documents