05-18-2010 09:49 AM - edited 02-21-2020 04:39 PM
I've got a IPSEC tunnel between an ASA 5510 and a Sonicwall device. I'm trying to install a new Exchange server behind the sonic wall for internal mail routing. If I telnet within the sites, everything works fine, but when I try to telnet across the tunnel, I just get a 220 **************************** instead of the SMTP banner.
I've seen a lot of posts about turning off smtp fixup on a PIX, but we're currently not inspecting SMTP on the ASA, though we ARE inspecting ESMTP. Mail to the Internet through the ASA works without issue, and mail from the Internet to a pre-existing server behind the Sonicwall also works without issue, so it's definitely just a problem over this tunnel.
Help?
05-18-2010 10:19 AM
So, it turns out the CLI on the ASA 5510 hides the fact that fixup really still does exist eventhough it tells you to use inspect. I ran a 'no fixup protocol smtp 25' just for grins, and wouldn't you know it... It took the command and fixed the problem. *sigh*
09-07-2010 07:32 AM
The command 'no fixup protocol smtp 25' executed in version > 7.0 should do the same as the 'no inspect esmtp' command; They both should simply disable the inspection.
The 'no fixup protocol smtp 25' command isn't really hidden, but it is there to help with configuration migrations from versino 6.x to version 7 and 8.
If you see different results with 'no fixup protocol smtp 25' and 'no inspect esmtp', then you should open a TAC case for further investigation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide