Cisco Firewall :: 5510 How To Configure Local LAN SMTP Traffic Sending Through New Leased Line

Jun 11, 2012

We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow  SMTP traffic to pass through  from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).

View 2 Replies


Cisco Firewall :: ASA 5505 Doesn't Allow Local Provider SMTP Traffic

Aug 7, 2011

We are using several Cisco ASA 5505 with the 8.05 OS on it. The problem is that the SMTP traffic of my ISP(Telenet) isn't passtrough the ASA, I'm using outlook 2010. Before there was also a problem with our local exchange server but I solved this by disabling ESMTP checking in the policies, but it didn't worked for my local ISP.

View 4 Replies View Related

Cisco Firewall :: ASA-5510 Dropping Outbound SMTP Traffic?

Aug 21, 2011

A recently added outbound rule has left my SMTP communications broken. I have since removed the rule, and had Cisco do some damage control, but it's still dropping some of the SMTP traffic. I get a number of NDR messages each day like the one below:Your message did not reach some or all of the intended recipients. Subject: RE: Christopher, Curt Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached:
on 8/21/2011 9:49 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<630.SM.Local #4.4.7>
Your message did not reach some or all of the intended recipients. Subject: RE: Christopher Curd Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached: on 8/21/2011 9:49 AM  Could not deliver the message in the time limit specified. Please retry or contact your administrator.  <630.SM.Local #4.4.7>
I've attached an image of my configuration (ASDM GUI). The part of the image highlighted in green are the SMTP rules. The part highlighted in yellow is another rule that I added about a month ago to block a SYN attack. This rule may be part of the problem because of the order it is in the list. Not sure, though.
I have had two Cisco techs Putty into my ASA to check things out. I think they've done all they can. I wonder at this point if it be wise to just reload the last good running-config I have prior to the Outbound rule being added.

View 13 Replies View Related

Cisco WAN :: 2901 To ASA 5510 Via Leased Line Poor Throughput

Feb 16, 2012

I have two sites connected via 2901 routers to a head end with an ASA 5510, the WAN circuits are LES running at 100MB and at the head end we have a 100MB leased line.  All WAN circuits are provided wires onlyby another supplier.  I have setup the two 2901 routers with inside IP addresses on GE0/0 and a /30 subnet for the GE0/1 interfaces to the ASA over the LES circuit.
The LES circuits are set to 100MB but the problem I am having is that one of the 2901s will only negotiate at 10MBps Half Duplex with the ASA at 100MB Half Duplex, the other will negotiate at 100MBps Full Duplex at both ends.  My WAN provider tells me both LES circuits are the same so I cannot work out why one will negotiate at 100MB Full and the other at only 10Mb Half.
At the head end I have and ASA 5510 connected to the WAN providers 100MB circuit but testing from my end sites I can only get 6MB download and 0.5MB upload on an Internet Speedtest.
I used Wireshark when downloading from my end sites and I can see lots of TCP retries and duplicates so I think this is a duplexing issue, my question is, my WAN provider is stating the issue is nothing to do with them and it is my 2901 and ASA that is at fault, they state if they connect a laptop to the LES circuit and then their leased line they get 100MB up and down.

View 4 Replies View Related

Cisco Firewall :: 1841 / Failover Between Leased Line And VPN

Jul 15, 2011

I am going to design one network. I had queries with this design.Let me explain scenario first( it was attached below).I have two sites, Site-A and Site-B, repectively.

In site-A i have one Cisco 1841 router, one Cisco ASA 5510 firewall and One cisco 3560 layer 3 switch.
in site-B i have one Cisco 1841 router, one Cisco ASA 5505 firewall and One Cisco 3560 layer 3 switch.

From ISP side

I have point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.

I planned to terminate leased line in cisco 1841 router in both branches for branch to branch connectivity.

I will configure site to site VPN between two sites, A and B.

Here my query was i want make VPN as failover connectivity if leased line fails. In both the cases, i need internet to the inside users in both sides.

Summary requirement:Leased line is Primary and VPN is Back-up, if leased line fails. In both cases internet is needed to inside users.

View 3 Replies View Related

Difference Between Leased Line And DSL Line

Mar 27, 2012

The reason is i want to know the difference between the leased line and the DSL line. The whole thing behind the confusion is, We plan to have a high speed internet connection in our office. We will don't have a branch office or some thing like that. I preffered to have high speed internet in our office. I found in some website that Lease line will have high speed connectivity(Upto 10Gbps). Can i use the lease line or DSL is enough for our office. Our office contains of 82 user who will use internet.

View 2 Replies View Related

Cisco WAN :: ASA 5510 - Outside Interface Stops Sending And Receiving Traffic

Aug 8, 2012

Cisco ASA 5510.  Between 5 to 10 minutes of reseting the asa traffic stop accessing outside ip addresses.  Ping from console fails to ISP router IP. Ping to google name server failes.  I have reset to factory default only setting up nic and natting and it still happens. 

View 2 Replies View Related

Cisco Firewall :: Configure ASA 5510 For Individual Server Traffic Routing

Jan 27, 2013

I am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?

View 2 Replies View Related

What Are Additional IP Address In Leased Line

Mar 31, 2011

my company has a 4mbps leased line from TTSL . we are getting 2 WAN IP and 2 LAN IP. in Addition we are also getting 12 additional IPs .-what is additional IP, their uses?-how are the 2 wan ips configured? & how they are distributed in network? -is 1 IP from the ISP sufficient if i have a 1:1 internet bandwidth connection?

View 9 Replies View Related

Configuration Of Internet Leased Line?

Dec 28, 2011

I got following IP address from BSNL to configure Internet leased line.OFC cable was terminated at our premises. it has to connect Ethernet port.Say eg.Wan IP : address pool : to 12if i configure one address on Ethernet port1 as nat outside ip address given for wan & pool are different.Then how can i configure pool and how to configure nat inside eg to 255the above ip are not actual ips just given for example.

View 6 Replies View Related

Cisco Firewall :: ASA 8.4 / NAT SMTP Traffic From Outside To Inside?

Dec 25, 2012

Most examples of NAT translation using an ASA 8.4 are based on servers within a DMZ. In my case it's not because the mailserver also functions as an data and Active Directory server for my local domain.  If tried to config the ASA for a while now and throw it in the corner for a couple of months out of frustration. Now I got some time left during christmas break I decided to start again.My purpose is to NAT SMTP / POP traffic from the internet, trough the ASA to my (inside) server. This is what I got so far. With this config I'm unable to telnet the inside server ( from a remote location.
ASA Version 8.4(3)!hostname ciscoasaenable password cE8UUNd encryptedpasswd 2KFQ.2KYOU encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address!interface Vlan2nameif outsidesecurity-level 0ip address 95.*.*.218!ftp mode passiveobject network obj_anysubnet network server1_smtphost network server1_pop3host outside_access_in extended

I can ping from the ASA CLI. I can Ping DNS from the CLI (internet access). I can Telnet the server from the inside LAN, using: telnet 25.But I can't Telnet from an outside location using: Telnet 95.*.*.218 25 Because my server is on the Inside interface (diffenrent subnet) do I need an additional route?

View 5 Replies View Related

Cisco :: 2911 Connecting To A Leased Line?

Aug 3, 2012

I have a cisco 2911 set up at one of my sites and it is configured with sub-interfaces as this provides a default gateway to each of the offices.I have just had a 100mb leased line put in and i have a couple of questions regarding the config.let me start by telling you how it is set up .I have 3 HP Procurve switches connected together then that connects to the Cisco and the Cisco connects to a Zywall

HP Switches > Cisco 2911 > Zywall > Internet

We are wanting to remove the Zywall and connect the Cisco to the Leased line box

HP Switches > Cisco 2911 > Leased Line > Internet

The config of the cisco is

G0/0 - is up but no cable connected as this holds the sub-interfaces
G0/1 - Connects the Zywall - (this has firewall rules to forward traffic through)
G0/2 - Leased Line

The way i have configured the sub interfaces is with its own DHCP pool and default router, some of the offices have there own ADSL router and hold there own Internet connection and the default gateway for that is and the offices that use the Cisco use default gateway of

Now my question is how would I move everyone onto the Leased line and get rid of the Zywall ? Would it be as simple as giving the leased line an address and put in a static route to forward all traffic through that connection ? Or am i missing a trick or 2.

View 2 Replies View Related

Cisco Firewall :: How To Log Incoming Traffic (SMTP) On PIX 515E

Mar 6, 2013

I'm new to ASA's and PIX units. I've setup a few VPN's now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console.Do I need to use a SYSLOG server? I can probably set one up on my laptop.

View 1 Replies View Related

Cisco WAN :: Leased Line Connection Through ONT To 1841 Router

Jul 29, 2012

How to configure leased line from the ONT connection on Cisco 1841 router . there have public IPs on the interfaces fa0/0 & fa0/1.

View 4 Replies View Related

Cisco WAN :: Failover On Router 1800 Having DSL And Leased Line

Feb 4, 2013

Leased line is between dammam      to dubai and the dammam office is getting internet from dubai.The ip address of Dammam      office is class A (Public IP) x.x.x.x and for dubai it is y.y.y.y which we are      using as proxy for accessing internet.I purchase the local DSL      direct line connection through cable from Local Provider and this ip address range is - it possible to use the DSL      line as failover, so if one line goes down the user should remove proxy      and can use local internet.The router which is using is      cisco 1800. 

I believe that failover is possible, 100%, but would like to know how I can do it and requesting for sharing more inputs about failover in this case.

View 2 Replies View Related

Cisco Firewall :: ASA5510 SMTP Traffic - Host Unreachable

Jul 8, 2012

Up until recently one of my sites was able to get to a postilion subnet. Then we started receiving "host unreachable" e-mails. Posting told us SMTP traffic was not getting let in. I've compared the current config to a config that was saved before the issue popped up and found really no noticeable difference.
I tried a packet tracer trace with no luck: SiteB- Firewall# packet-tracer input outside tcp 12345 25.
Phase: 1
Result: ALLOW
Additional Information:
Found no matching flow, creating a new flow
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Attached is a sanitized config. I'm not entirely convinced it's a firewall issue, but I need to some successful testing to prove otherwise.

View 19 Replies View Related

Cisco WAN :: Setting Up 2811 Serial Leased Line Connection

Feb 7, 2012

I am a total new comer for Cisco Router. All I know is plug the console cable to a serial port on a PC, fire-up HyperTerminal to view and that's it. I don't know any command or scripts.
I am trying to setup my client connection, I already receive the required configuration settings from ISP. It is a Leased Line Serial connection.
How to setup the router with the below configuration.
Serial IP : 1.X.XX.222
Serial Netmask : 255.255.255.XXX
 LAN IP : 1.X.XXX.1 to 1.X.XXX.31
LAN Netmask : 255.255.255.XXX
[Code] ....

View 5 Replies View Related

Cisco WAN :: Configuring 1921 Router For Leased Line With Ethernet?

Oct 3, 2012

What are the commands for Configuring Cisco 1921 Route's  Gigabit Port G0/0 or G0/1  for Leased Line termination having Ethernet Hands Off
Modem Provided by ISP (BSNL ) is CTR-U

View 10 Replies View Related

Cisco WAN :: 2911 - Need PVDM When Use HWIC-2CE1T1-PRI For Leased Line

Oct 11, 2012

We plan migrate an old existing WAN architecture based on legacy data serial links. These links will be consolidated on a E1 channalized card.
My question :
Is the HWIC-2CE1T1-PRI need a PDVM DSP ressources on router  to oparate for data leased lines or no?
The VWIC3-1MFT-T1/E1 will be used for the backup dial in ISDN connexions? this type of cards a PVDM DSP ressources for data connexions or no?
ISR router are 2911.

View 5 Replies View Related

Cisco Firewall :: Setting Up ASA 5510 Cannot Get SMTP To Come In

Mar 21, 2013

I have a ASA 5510 (ver 8.4) and I have been all over the support sites looking for what I am doing wrong. I have a sanitized cut n paste of the OBJECT, NAT, ACCESS-LIST and Packet Tracer output and it keeps failing on the NAT with a rpf-check. Once i get the SMTP flowing I have to open up HTTP and HTTPS to one of the servers also.
Here it is:
RVGW# sh run object
object network WiFi


View 1 Replies View Related

Cisco Firewall :: ASA5505 8.4.2 NAT To Forward SMTP And RDP Traffic To Internal Host

Nov 26, 2011

I am new to the ASA series and I am at a complete loss as to why I cannot configure this router to forward SMTP and RDP traffic to an internal host.
The packet trace tool in ASDM shows complete end-to-end connectivity for RDP but it still fails to connect from outside. This is my config file, what I need to change in order to make it work?

View 19 Replies View Related

Configuration Of Video Conference On Cisco 1751 Using Internet Leased Line

Feb 20, 2012

I have configured cisco 1751 router for internet with nating. Internet browsing working fine. But We have polycom hdx 6000 conference system to connect from remote site.

1. While calling remote ip it is ringing and connecting but not displaying any thing on the screen but their side is displaying.
2. When they call our side ip it cannot connecting.

I have connected netgear router then video conference is working fine (with out port forwarding also). If I configured that router between 2 local sites (not on internet line) its working fine where i did not configured any thing just given routing. Configure same situation using internet leased line.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 ACL For Blocking Outbound SMTP

Jan 30, 2013

I'm trying to configure a simple ACL to block smtp traffic from leaving my LAN -- basically prevent internal users from setting up internet email accounts in their email clients and sending through that smtp server. i want my Exchange server only to send smtp traffic. here's what i have:
-access-list 102 extended permit tcp host eq smtp any eq smtp <=== is Exchange
-access-list 102 extended deny tcp any eq smtp any eq smtp
-access-list 102 extended permit ip any any
-access-group 102 in interface inside
after i apply this ACL to the ASA, i am still able to send from my internet email address setup in Outlook using my "foreign" smtp server.

View 1 Replies View Related

Cisco Firewall :: Accessing SMTP From Outside Network Through ASA 5510?

Oct 11, 2012

I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall)  problem is that if one leaves my network they can receive but can not  send email via my SMTP also internal people can only send if they use  the IP address of the server rather than the domain [URL]

here is my layout
ISP - ASA 5510 - LAN (includes mailserver)

View 7 Replies View Related

Cisco Firewall :: Add IP Address For SMTP Services ASA 5510

Nov 28, 2012

We have hosted spam filter service with 3rd party vendor.  My vendor is switching to different spamming services and I need to add ip address lets say 44.33.454.32 to the list of allowed system that can connect to my smtp service.  I am going over my firewall 5510 configs and I think I need add the entry like this: “access-list outside-to-inside extended permit tcp object-group obj-44.33.454.32 interface outside eq smtp”. [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Ways To Allow Outside Adapter To Permit Smtp

Oct 25, 2012

We have a 5510 (8.2) with the following 4 interfaces (security-levels) inside (95), outside(0), dmz(25), and test (95).  The dmz network is and the outside interface is have run into a situation where a dmz hosted iRedMail server running postfix ( is relaying mail which in some cases points back to us at and into our Exchange server.  In these cases in the dmz server's mail logs we see postfix timeout trying to connect to smtp at  When I try to telnet from to the outside interface on port 25 it times out.We've tried different ways to allow the outside adapter to permit smtp (or any service!) from but we're left scratching out heads.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Setting Up SMTP Port Block?

Mar 5, 2012

how to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relationship to a SpamBot issue that blacklisted us. I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports. DMZ, Inside and the Outside interface. Up till today, I only needed to block outside traffic to our internal network which I used the ASDM to configure a rule on the outside interface for an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source ( with ALL destination and the service as HTTP. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however I am still able to browse... That said, if I were to change the source as the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore not solve our problem.  I even gone as far as permitting traffic from my computer, expanding the hit counter and I see no hits.  So I am no doubt doing this wrong. What I do know, is when I first created the rule, a second rule was automatically created (Implicit rule) that deny all sources and blocked all HTTP traffic until I changed it to Permit?

View 2 Replies View Related

Cisco Firewall :: 5510 Single Outside Public / Can PAT Out And NAT SMTP Server Back

Jul 30, 2012

I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...

1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
Email (MX) =
Public (outside) address =
Email server internal =
Internal private subnet for users =

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Block Sending Emails From Windows XP?

Apr 16, 2013

I have cisco ASA 5510 with basic configuration (default policies). The problem is that windows XP users are unable to send emails form MS outlook and unable to log on to Hotmail , Gmail or any mailing site. While windows 7 and 8 users are not facing any problem.

View 2 Replies View Related

Cisco Firewall :: 5510 - Outlook Port Only Permit (POP3 995 / SMTP 587) With TLS Encryption

Jun 3, 2012

In Cisco ASA 5510 , outlook port only permit ( pop3 995/smtp :587) with TLS encryption. How we can do it thru ASDM .

View 1 Replies View Related

Cisco VPN :: ASA 5510 / 1841 - How To Configure Local Network To Access Internet

Jun 10, 2011

I configure for our office site to site VPN project. Now I configured already  Site to site vpn between ASA 5510 and 1841 router.               

HQ LAN                              
Branch LAN >>> ASA 5510>>>>> 1841 >>> INTERNET <<<<<< 1841 <<<<<< ^^^^ Call Manager 2851 

Now can access from Branch LAN to HQ LAN each other. I face the problems that are 

1) In branch LAN , they can access HQ LAN & resource , but cannot access internet. I didn't configure NAT on PH Router

2)  Can I access internet from BRANCH LAN through HQ LAN to INTERNET. Or  Can I access Internet from Branch LAN from PH Router directly while  access to VPN to HQ LAN ?  

3)  In Branch Site , hard phone cannot work but soft phone on PC can call to HQ. Hard phone IP are same in Remote Network ( ) . Is it problem ? how can I configure separately ?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Cannot Ping Local Traffic And Hosts

Jul 24, 2012

I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA ( There is a PC ( plugged into e0/1.

I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping

I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC cannot get out

ASA Version 7.2(4)
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted

View 2 Replies View Related

Can't Connect To Internet But Local Area Network Is Sending Packets?

Mar 17, 2011

I can't connect to the internet. When I double click Local Area Network under Network connections it says it has both sent and received packets. It is set to automatically acquire an ip address. The computer is connected to a router. I can ping but when I try to reach my router's settings it says page can't be loaded. I tried to hook the computer up directly to the modem and connect that way. It said it was connected and it was sending packets but I still couldn't do anything. I've turned off the windows firewall. The computer is Windows XP SP1

View 5 Replies View Related

Copyrights 2005-15, All rights reserved