I got a call from a customer that said that they could not send out secure emails from their Exchange server from within their company to an outside email address. So me and the engineer that was with me went onsite, since we were close already, and almost immediately the guy that was with me mentioned that he had recently seen this and that he thought that the ASA inspection was blocking this outbound secure email. Well, that jogged my memory as well, and it seems like I have run into that a few times in the past as well. What was the solution?
Console into the Cisco ASA, then do the following:
ciscoasa# config t
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# no inspect esmtp
I dont recall having to do this for any other firewall except the Cisco ASA. I know I have not for Check Point and Palo Alto. As for any other, Im not sure.
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Tuesday, February 4, 2014
Cisco ASA: Can Not Send Secure Email From Behind Firewall
Subscribe to: Post Comments (Atom)
# In ASA version 8.0.3 and later, the allow-tls command is available to allow TLS email with inspect esmtp enabled as shown:
policy-map type inspect esmtp tls-esmtp
inspect esmtp tls-esmtp
service-policy global_policy global
good post Patrick. Thanks.Delete