Cisco Firewall :: ASA 5505 Blocks Outgoing Smtp (port 25)

Nov 25, 2012

I cannot send emails to outside. I have an access rule on interface inside permit source: inside destination: any service: tcp/smtp, and when I make packet tracer it shows me that the packet is dropped but I can't see through which rule!!
ASA version: 8.4(3)
ASDM version 6.4(7)



Cisco Routers :: RV042G How To Route Outgoing Smtp To WAN2

Oct 15, 2012

I have both WAN1 and WAN2 connected to an ISP but only WAN2 should be used for outgoing mails. How and where can I specify this in the configuration?


Cisco Firewall :: ASA 5505 With Two Blocks Of Outside IPs

May 22, 2012

I am trying to configure my ASA 5505 Security Plus through ASDM to receive two blocks of outside IPs (each of which is on a different subnet and a different gateway IP) to translate to my internal server, giving it public access. I have searched for days (and maybe incorrectly) but I am finally asking for the configuration of the ASA to support this.


Cisco Firewall :: Two Public IP Blocks On ASA 5505?

Jan 16, 2013

We have 2 IP blocks from my ISP. We have been using just one, a /30 block with one IP address used on the outside interface of the device. The new block is a /29 range and I would need to use just two of those IP addresses. Here is the situation I am facing. A company we partnered with wants to set up a VPN; they will send us 2 Cisco 861s to put behind our ASA. Is it possible to assign these 861s public IPs from the block that we are not currently using (the /29 range)? I know that it might require an upgrade to the Security Plus.


Cisco Firewall :: ASA 5505 Blocks New Connections To IP

May 22, 2012

I am trying to get up to speed on this topic as quickly as possible. 
Here is my issue:
1) We are able to access the website
2) We are able to upload data packets
3) We allow the website to time out while we are uploading data packets
4) When we attempt to re-access the website the IP is blocked
   a) this includes pinging and trace
5) After an undetermined period of time the IP is unblocked and we are allowed to access it again.

The ASA 5505 router is the last forward-facing stop before entering the VPN tunnel. We have tested by circumventing the ASA and we are unable to duplicate the disconnect. We have reviewed the config file and have not been able to identify what rule/settings could be affecting this.
When tracing port usage, the actions use 2 TCP ports and 1 UDP port. The 2 TCP ports open and close with each transaction. When the IP block occurs the 2 TCP ports are "dead"; the UDP port remains open (apparently sending the remainder of the data packets).


Cisco Firewall :: ASA 5505 For SMTP Access?

Oct 29, 2012

I need to move the email traffic to a backup circuit.  Below is my config.  I have tried for email access but to no avail. 

asa5505# sho run
: Saved
ASA Version 8.2(2)
hostname asa5505



Cisco Firewall :: ASA 5505 Doesn't Allow Local Provider SMTP Traffic

Aug 7, 2011

We are using several Cisco ASA 5505 with the 8.05 OS on it. The problem is that the SMTP traffic of my ISP (Telenet) isn't passing through the ASA. I'm using Outlook 2010. Before there was also a problem with our local Exchange server but I solved this by disabling ESMTP checking in the policies, but it didn't work for my local ISP.


Cisco Firewall :: ASA 5510 - Setting Up SMTP Port Block?

Mar 5, 2012

how to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relation to a SpamBot issue that blacklisted us. I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports: DMZ, Inside and the Outside interface. Up till today, I only needed to block outside traffic to our internal network, for which I used the ASDM to configure an incoming rule on the outside interface. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source ( with ALL destination and the service as HTTP. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however I am still able to browse... That said, if I were to change the source to the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore not solve our problem. I have even gone as far as permitting traffic from my computer, expanding the hit counter, and I see no hits. So I am no doubt doing this wrong. What I do know is that when I first created the rule, a second rule was automatically created (Implicit rule) that denied all sources and blocked all HTTP traffic until I changed it to Permit?


Cisco Firewall :: 5510 - Outlook Port Only Permit (POP3 995 / SMTP 587) With TLS Encryption

Jun 3, 2012

In Cisco ASA 5510, Outlook port only permit (POP3 995 / SMTP 587) with TLS encryption. How can we do it through ASDM?


Port Forwarding Port 80 Blocks Internet For Everyone Else?

Aug 7, 2011

I have a DSL-524B from D-Link. My problem is, whenever I port forward port 80 to my comp's IP to host a web server, all the other computers connected to the router are unable to access the Internet. So, I set up no-ip to use port 8080, but this exposes my IP, and even when masking, if you look at the HTML code, you get the IP. I need to know how to open up port 80 without restricting Internet access to only my comp, or any other workaround.


Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port

Aug 15, 2012

I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3. So I would have thought the outside access-list should reference the 'mapped' port, but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.


Cisco Firewall :: Change Default SSH Port On ASA 5505 (port Forwarding)

Dec 2, 2011

So here is my network.
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
And here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I cannot, however, SSH to my Cat 2960. From what I can tell, on the Cat 2960 I can't change the default port 22 for SSH to a different port, like I did on the Cisco 1841. I looked to see if I can change the default port for SSH on the ASA; it does not look like this is an option.
The bottom line is that I want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what I can do is only SSH to the ASA on default port 22 directly to the public IP and to the Cisco 1841 on port 2001. It appears that changing the default SSH port on the Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA; if I could, I would, and then I should be able to SSH to the Cat 2960 on port 22. No matter what I did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP       001f549f  <<pub IP>>:22    *               LISTEN
How do I make it listen on a different port?
Here is the relevant config for SSH for the Cisco 1841 (port forwarding)
object network ROUTER



Cisco Firewall :: ASA 5505 / Port 5901 - Alternate Port?

Aug 18, 2011

With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to firewalls. We have a user who has requested that 5901 be opened but I was advised not to do so for security concerns.


D-Link DIR-655 Blocking Port 69 Outgoing

Jan 12, 2012

Within ACS 5.3, I'd like to use 2 external authenticators for the same service, like VPN remote-access. For the authentication, I know I can create an identity chain to query SecurID and then AD, in case the user is not found in SecurID. For the authorization rules, I need to provide wide VPN access for SecurID users and narrow VPN access for AD users. Are there some parameters to use in compound conditions for SecurID?


Cisco VPN :: Unable To Use ASA 5505 With VPN And SMTP?

Jul 25, 2011

This is my first post in CSC. I have two issues with ASA 5505. I have configured the ASA to use Easy VPN (ASA as RA server). Users are able to connect to the VPN without any issue and there are no disconnections with the VPN. But when the users are trying to RDP to a server it connects and disconnects as soon as they log in. Sometimes it connects for 2 mins, then it fades out for some time, then it reconnects again. I guess I have given correct access-lists. Please find the running configuration below.
2) We have an email server in the DMZ zone and its users are able to connect to the email server and they can see the emails. But when they try to send any emails they just get stuck in the email server queue and are not delivered to the destination.
ASA Version 7.2(3)
 interface Vlan1
  nameif inside
  security-level 100
  ip address intinside



Cisco WAN :: 2960 - Block Outgoing Multicast On L2 Port?

Aug 2, 2012

Is it possible to block outgoing multicast L2 frames on an Ethernet port in the outgoing direction on a 2960 switch?
I tried the "switchport block multicast" command, but the description of this feature relates to only "unknown" multicast!?
But what does "unknown multicast" mean? Even if activated, I see a lot of multicast traffic going out that port: IGMP, PIM, SSDP, HSRP, OSPF, ... and also pings and VLC streams to multicast addresses (ip igmp snooping disabled).
I also tried to map a "mac access-list" to that port, but the "mac access-group" interface command is restricted to only incoming traffic.
Reason: we assume that there are a couple of specific end devices that might react strangely to some multicast. Therefore we would like to block outgoing multicast on those specific ports.
I tested it on a 2960 12.2(53)SE2


Cisco AAA/Identity/Nac :: Use Radius On ASA 5505 To Block Outgoing User Access By Username In Group

Jan 15, 2012

Can I use AAA Radius on a ASA 5505 to block outgoing user access by user name in a group?


Cisco VPN :: When Try To Access Inside Resource From VPN Address ASA 5505 Blocks It

May 8, 2012

I have a newly acquired ASA 5505 that I just set up with the bare minimum configuration. I followed a Cisco paper on how to create a "remote access vpn" setup for IPsec. I can successfully connect and establish a VPN, but when I try to access an inside resource from the VPN address, the ASA blocks it.
Specific error is:
5 May 09 2012 15:17:48 305013 80 Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside: dst inside: denied due to NAT reverse path failure
Here is my config.
: Saved
:
ASA Version 8.2(2)
!
hostname asawood
domain-name wood.local
enable password W/KqlBn3sSTvaD0T encrypted
passwd W/KqlBn3sSTvaD0T encrypted
names
name kylewooddesk description kyle
!
interface Vlan1
 nameif inside
 security-level 100
 ip address
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa822-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name wood.local
object-group service rdp tcp
 description rdp access
 port-object eq 3389
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq 8080
access-list outside_access_in extended



Cisco :: Increase / Decrease Switch Port Outgoing Buffer?

Aug 31, 2012

I have such a setup:


Protocols / Routing :: Using Port 1 - 80 For All Outgoing Traffic Possible With Application?

Oct 9, 2012

I want to be able to use port 1-80 for all outgoing traffic. I have a VPS outside my home, which can redirect the packets to the proper ports. Is it possible with an application on the computer and VPS? Or is it impossible?


Port Forwarding Working For Incoming Traffic But Not Outgoing?

Feb 6, 2012

I have a licensing server. Other computers need to turn on a program, they send a message to the licensing server, and it responds that they have permission to run. Until today the licensing server was plugged into its own ethernet wall socket and configured with a static IP address. Today I put a router into that wall socket and now the server's plugged into the router. The router (WRT-54G) was set to the static IP - and now the internet on its network works. I set all ports to be forwarded to the server's internal IP address - and now my programs can detect and ping it. But now the server won't send back permissions to use licensed software, or even reply with a list of the software which it can license.


Cisco Switching/Routing :: Limiting Outgoing Traffic On Single L2 Port On Nexus 7000 1GB

Aug 4, 2012

I am trying to limit the incoming and outgoing traffic on an L2 port to 8mbps for an IP subnet within the Nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps. Policing won't work on an L2 port and shaping cannot be applied on a port level. url... I have been reading through the QoS guide for Nexus release v6 and have problems understanding the different queues.


Cisco Firewall :: 5505 ASA Trunk Port In Firewall

Apr 30, 2012

I have an issue with my firewall. Each time I configure a trunk port in the firewall and connect a 2960S switch with a trunk port also, all the interfaces in the firewall go down (virtual interfaces, inside, outside, dmz). Also, another switch, a 3750 that is connected to another port in the firewall (access port only), starts a new negotiation of spanning tree. What could be causing this problem? The firewall didn't send BPDUs. I think the IOS of the firewall is 8.2.


Cisco Switches :: SG300-10 Access Port Change Blocks Other One

Jan 15, 2013

I recently bought an SG300-10 switch for a home lab. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route
This is my config:
v1.2.7.76 / R750_NIK_1_2_584_002



Cisco WAN :: 7200 - How To Block SMTP Port 25 On Router

Jan 24, 2012

We are running an ISP and nowadays we have a lot of spam in our network. We want to block SMTP port 25 on a Cisco 7200 router, so we can block the spam in our network.


Cisco Routers :: RV042 SMTP Port Change?

Mar 27, 2013

I have an RV042 that I have configured to send alert logs to a Comcast email address. Recently Comcast changed their SMTP port from 25 to 465. I can't find where to change the port settings in the RV042 to send the router logs via port 465.


AAA/Identity/Nac :: ACS 5.1 Custom Smtp Port Number?

May 31, 2012

I have an ACS 5.1. My mail server does not run on the standard SMTP port number (25). I need to know if I can customize the port number to suit my mail server requirement.


Cisco Firewall :: ASA 8.3 Outgoing NAT Not Working Right

Jul 11, 2011

We recently upgraded our ASA to 8.3. Most everything went OK, but I am having problems with outgoing NAT. It seems that one of our systems that needs to be natted to an outside IP address when connecting out is not being natted. When that system goes out, the IP address is our internet IP and not the natted address; however, inbound everything works.
We have one rule that does PAT
nat (INSIDE,OUTSIDE) source dynamic OG_IP_NAT_DMZ obj-
is the natting statement that should be translating the addresses
object network obj-
nat (INSIDE,OUTSIDE) static
think I need to double nat, is that right if so how?


Cisco Firewall :: 2901 - How To Avoid SMTP Inspection On Zone Based Firewall

Aug 2, 2011

We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). The original configuration.


Cisco Firewall :: 2901 To Avoid SMTP Inspection On Zone Based Firewall

Jun 21, 2011

We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). Incoming mails are going through Spam and Virus Blocker so that bypassing SMTP inspection is not a security issue in this case.


Cisco Firewall :: 1921 - IOS Firewall (ZBF) Limit SMTP Connections From Same IP

Mar 14, 2013

IOS Firewall (ZBF) Limit SMTP connections from same IP
We are running a Postfix MTA behind an IOS Firewall (ZBF) on a CISCO1921. Sometimes we get more than 2000 SMTP login attempts like
postfix/smtpd[123456]: connect from (...) (...) postfix/smtpd[123456]: lost connection after AUTH from (...)
in one second. Maybe brute force or DoS ... nevertheless, we would like to protect the Postfix MTA from this stuff.
Can we inspect the SMTP traffic and limit connections in a time period from the same IP? Something like "not more than 10 smtp connections during 60 seconds from the same ip".


D-Link DIR-655 :: SBS2008 - Network Filter Blocks LAN Port Access To Admin Page

Oct 16, 2011

I'm using my 655 as a WAP, so nothing is connected to the WAN port. Since I run a SBS2008 in my home, I also have the 655's DHCP disabled. If I enable Network Filtering, everything inbound/outbound on the LAN ports works except accessing the Admin page. Even if I put the connecting PC's LAN MAC in the tablet.


Cisco Firewall :: ASA 5505 Blocking FTP Port

Nov 28, 2011

I am working on an ASA5505 and am trying to open the ftp port. I have a server ( on the local LAN which is attempting to download antivirus updates from the net via ftp.  
ASA Version 8.3(2)
hostname SITE
enable password XXXXXX
passwd XXXXXX


