01-11-2016 07:14 AM
Hi,
We have configured our ASA to send email alerts for events such as login's, it works fine between our ASA and the email server that is reached through the "inside" interface, however we tried to configure it for another ASA at a remote site that is connected via a site to site VPN, the problem is when the remote ASA tries to send an email to our email server it uses the source IP of the outside interface we need it to use the source IP of the inside interface so that it gets sent over the VPN. Is there a way to configure this?
At the moment when the ASA tries to email our email server it uses the source IP of Outside interface because it see's this interface as the exit interface as a result the email's do not get sent over the VPN.
Thank you
Solved! Go to Solution.
01-11-2016 05:48 PM
If the remote email server is only reachable over site-site VPN, I don't believe you can setup the ASA to originate traffic to it from an interface other than the one with a route to the remote server. And it will only encrypt into the VPN tunnel packets that arrive on the interface where the crypto map is applied (i.e. inside interface).
You could proxy the mail or setup a forwarding rule on your local email server.
01-11-2016 08:26 AM
Could you post what you have in the config of the remote ASA for sending the Email? Also post the output of show ip.
HTH
Rick
01-11-2016 05:48 PM
If the remote email server is only reachable over site-site VPN, I don't believe you can setup the ASA to originate traffic to it from an interface other than the one with a route to the remote server. And it will only encrypt into the VPN tunnel packets that arrive on the interface where the crypto map is applied (i.e. inside interface).
You could proxy the mail or setup a forwarding rule on your local email server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide