Cisco Firewall :: ASA 5510 Block Sending Emails From Windows XP?
Apr 16, 2013
I have cisco ASA 5510 with basic configuration (default policies). The problem is that windows XP users are unable to send emails form MS outlook and unable to log on to Hotmail , Gmail or any mailing site. While windows 7 and 8 users are not facing any problem.
I have setup a new Prime server 1.2 and am monitoring routers and switches from it. It shows me the device status and all as expected. now when i manually turn off the connectivity of one switch, i do see the alarm generated by the Prime but it doesnt send the email notification.
i checked my mail server settings and have right details of the mail server and email address of the recipient. Also when i run test on that page, i can see the test email coming through.
We installed a new ASA 5510 (ver 8.3(1)) on the weekend and since then have had one isolated email issue.Here is the situation. We have a remote office that connects to us via IPsec site-to-site tunnel. They remote in to one of our servers and from that server email themselves PDF's. They have their own exchange server for general use, but the emails sent from our server go through our exchange server of course. The received email shows the user as the sender AND receiver. This previously worked fine.Since installing the ASA though, users get the following error when they try to open the document: "There was an error opening this document. The file is damaged and could not be repaired."They tried this with a text file and the same thing occured. I have disabled SMTP inspection and have omitted the remote office from the CSC SSM scanning. This has not worked. The remote office also has an ASA 5510 (ver 8.2) but no changes were made this weekend. No updates were applied to Exchange this weekend.Previously my office was using a Cisco 1800, Cisco VPN Concentrator 3000 and Untangle gateway box. I replaced all 3 with the ASA. My supervisor is currently at this remote location and he can still email himself attachments from that particular server with no problem through the tunnel.
Email: when I try to send an email with an attachment (pictures/other files) it starts sending and stops suddenly at around 50-100% I repeat trying to send it and it works after a while. The larger the file size the harder it is to complete and send. 0.5mb is easy to send but over 1-2mb is very difficult.When it stops I get this error message after a min or so.Sending of message failed.The message could not be sent because the connection to SMTP server smtp.googlemail.com timed out. Try again or contact your network administrator.Online: The exact same thing happens on Facebook and other websites uploading gets stuck and times out but does work sometimes.
Our ASA 5510 has been in place for nearly two years, we never have any issue what so ever with it. All along the ASA has been using the default policy. Lately, we beeen getting email deferred in our Barracuda Spam firewall. Google quickly reveals that ESMTP does not play nice with Barracuda witch i disabled eventhough we haven't had any issue with it before. However, the issue remains, we still getting email deferred in the barracuda.
While doing more troubleshooting on the ASA, I constated when issue the command show local-host + IP of the Barracuda, there is an IP address in outside of the interface that can get up to 96 UDP port 53 connections with the Barracuda, this connection never get lower than 20! However, when checking the default setup for the Barracuda, i have the values below:
Incoming SMTP Timeout: 20 Message per SMTP Session : 8 Maximum SMTP Error SMTP Session: 2 Maximum Connection per Client 30m:40
My question is if that ASA show up to 96 DNS session with an outside host to my barracuda, won't that push the barracuda to play email deferred timeout ? Should I change the barracuda default setting? Or should i change the connections limits for the Barracuda in the ASA?
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
How can I prevent the user to share files with p2 programs (torrent, eMule, etc) and to chat via Instant Messaging, Facebook, Twitter, etc. ? I find a lot of suggestion, but allways related to 8.3 or older
block skype 5.1 in my network. This version of skype doesn't need Administrator rights to be installed. In my network there are 2 ways to Internet, one filtered by a PIX 525 ver 6.3(3) and the other by a ASA 5510 ver 8.3(2). No IPS system present on my network.
I have a ASA 5510 device. I have been asked to block Ip range for India from accessing set of servers. Total Subnets: 34,675,968.I really don't want to create a two mile long access list with all these subnets.
how to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relationship to a SpamBot issue that blacklisted us. I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports. DMZ, Inside and the Outside interface. Up till today, I only needed to block outside traffic to our internal network which I used the ASDM to configure a rule on the outside interface for an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source (192.168.0.131) with ALL destination and the service as HTTP. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however I am still able to browse... That said, if I were to change the source as the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore not solve our problem. I even gone as far as permitting traffic from my computer, expanding the hit counter and I see no hits. So I am no doubt doing this wrong. What I do know, is when I first created the rule, a second rule was automatically created (Implicit rule) that deny all sources and blocked all HTTP traffic until I changed it to Permit?
I have created Different extended access-list which allow/block some specific services like IP,TCP,UDP ,ICMP etc for certain source and destination . But now I have to allow/Block all/any type of services to a certain host from a extended access-list . How can I do it ?
Cisco ASA 5510. Between 5 to 10 minutes of reseting the asa traffic stop accessing outside ip addresses. Ping from console fails to ISP router IP. Ping to google name server failes. I have reset to factory default only setting up nic and natting and it still happens.
Trying to open my Outlook Express emails from old XP into Windows 7. Windows 7 says to verify my information which was emailed to me. However, I cannot receive email since I cannot get on to Live Mail.
I have the following problem, right now we have an ASA 5550 connected to the client´s side. A reset is being received on the client´s side, but when we run the sniffers on both extremes of the network, we can see that the reset is not being sent by the server´s side.
We have narrowed it down to the 5550 ASA, but have found no bug that matches the description.
The characateristics of the reset packet are the following:
- It is the only packet with a TTL of 255.
- Both server and client have very different window sizes, and the reset packet even though has the server´s ip and port as source of the packet, it has the client´s window size.
- It has a correct ack number.
-Before the reset is received, there are a couple of retransmissions of the last packet sent.
- We´re handling a VPN tunnel between both servers.
I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.
where is the best place to block unwanted traffic? By that I mean, should I block it at the router, firewall, IPS? As an example, I'm dealing with DNS flood attacks - probably DDoS and reflection. I have a pair of Cisco 2821 routers with two different ISPs doing BGP. Behind that I have an ASA 5510 with IPS module. Behind that I have 2 public DNS servers. Over the last few days I've seen an increase in bogus DNS queries - high volume, distributed. My question is where is the best place to put the ACL to block them? I've been putting them on the ASA, but when the attack is running, it jacks the CPU to 60%. If I don't put the ACL, the IPS seems to pick them up after a while and the CPU is almost as high as with the ACL. I haven't tried to put the ACL on the routers.
We use multiple ASA 5500/5580 cluster systems running 8.3 software versions.Actually we send all our FW syslog data to a SIEM appliance in a DMZ on a remote firewall (non-asa). Recently we suffered a strange incident while implementing a new SIEM collection station now situated in a dmz that is located on one of the ASA contexts. We redirected the syslog streams to the new client for one of the contexts on the ASA cluster that holds the new SIEM agent DMZ..since we did this and redirected the syslog we see double traffic and spoofing errors on that context
a/ the ASA keeps sending out the syslog traffic to the OLD SIEM agent server ip (there is however no trace of its ip in the config)
b/ the traffic leaving the interconnection interface towards the OLD SIEM agent gets a SPOOFING error on the traffic
c/ strangely the data gets also correctly forwarded to the new SIEM collection stations.
We started out with redirecting traffic on only one of the 5 contexts to the new environment and kept logging the others to the old system.I finally got out of the issue by reconfiguring al the other contexts to forward their syslog towards the same new server , since that moment we no longer have the double logging and spoofing error , all syslog traffic goes correctly to the new SIEM agent. It looked like some remenants of the old syslog config remainded on the asa event after deleting and introducing a new config line (we used the asdm to execute the action) as said either it kept the old config or it looked in the other context and "decided" to keep sending to the old server also mentioned in that syslog can find the behaviour in any buglists either way.
For a customer I have configured a new ASA 5505 firewall with 8.42 software. I had to build 3 ipsec tunnels to different locations and firewalls. All tunnels are working except one. I have to translate the inside network 1 to 1 to a different private range before it is sent over the tunnel. Each host from network 192.168.133.0 /24 has to be translated to a 192.168.112.0 /24 host and then sent over the tunnel. (e.g. 192.168.133.22 translated to 192.168.112.22)
I have a Cisco ASA 5510 with a 5 block of IP addresses assigned from our ISP. I am having issues with connectivity and routing traffic from the outside interface to the outside interface. I have my outside interface set up with IP address of 24.182.x.146, it allows internet access and also hosts a web server. Any time I have a client using this device for internet access, I am unable to have traffic accepted for my web server. I.E 100.100.x.52 is using this device, it browses to https://24.182.x.146 and it gets an unable to connect. I am able to connect to the web server from any other ISP/Device. [code]
on ASA 5540 , i configured the logging setup as following :
log in to the internal buffer : buffer size 1048576 bytes
Then i save the buffer to FTP server to save the log messages in continuously way everything was working fine but suddenly sending the ftp traffic to FTP traffic has stopped suddenly before in the live log viewer it was showing when ASA throws the ftp traffic to the ftp server but this stopped suddenly nothing has changed in the ftp server setting (same username and password and the connectivity is there) sending logging traffic to the ftp server came back just when i reboot the ASA.but this is not solution.
I've configured an ASA 5510 FW with asa901-k8 ios. on it's "inside" port there is 10.90.0.0 network. there is another network (10.190.0.0) in my system that can be reached via another router which has 10.90.0.253 ip address. when a client in the 10.90 network wants to reach the 10.190 network the fw redirects the request to the router (10.90.0.253) because the fw is my gateway. there is no problem so far... but... while i can ping and traceroute a 10.190... user from 10.90... network, i can't use any non-icmp appliactions. for example i can't use rdp programs, http web interfaces of some devices on remote network (10.190.0.0). what can cause that? is there any rule in asa that blocks these protocols?
some recommendations for product selection and overall infrastructure setup for our datacenter: We have an old, legacy setup, and are looking to replace equipment, improve performance, enhance security, and implement hardware redundancy (if cost effective).
1) We now have (2) IP blocks from our provider, and need to support both (because we have mailers on older IPs with a good reputation rating). 2) We have (2) aged Sonicwalls, one for each IP block, each connects to multiple internal subnets (some internal subnets need connectivity to eachother, some don't). 3) We have (mostly) public facing web servers (Linux/Apache), as well as database servers (with no external access).
1) Should we implement a Cisco ASA 5520 w/ or w/o SSM modules for the new IP block (for webservers)? 1a) Should we implement a Cisco ASA 5510 or 5505 for the existing IP block (for mailers)? 1b) Or, can we have multiple public IP blocks connected to a single ASA 5520 (or 2 ASA's w/ failover)? 2) Can we connect both firewalls (5520 and 5510/5505) to a single Catalyst 3550 (or similar) using VLANs, and have 6 - 10 VLANs for webserver subnets, with ACLs controlling which subnets/servers can connect to eachother? 2a) Should we implement a second Catalyst 3550 (or similar) for redundancy (webservers have multiple network cards). 3) From our provider, we only have (1) dmark which both IP blocks connect through. Currently we have a switch connected to the dmark in order to 'splice' the connection, and have both existing firewalls connected. Is there a better approach to this? 4) We would like to implement SSL-VPN, and possibly site to site IPSec VPN, but only if there will not be significant performance degredation. 5) Other thoughts/recommendations for new features, enhanced security, or redundancy?