Cisco Firewall :: ASA 5520 - ESMTP Connection Dropped
May 30, 2013
We are working with an ASA 5520 and it seems there is an issue with some email messages sent through it. When there are many recipients in the emails, the email messages are not sent, and I have reviewed the server and the only thing I see is connection dropped. When I went to see the ASA log I saw this log report: ESMTP Classification: Dropped connection for ESMTP Request from 'interface': servername/portnumber to outside: IP address/25; matched Class 2: cmd RCPT count gt 100 tcp flow from interface:servername/portnumber to outside: IP address/25 terminated by inspection engine, reason - inspector disconnected, dropped packet. So I think there should be an inspection of ESMTP packets and if they detect an email message sent to over 100 addresses, then the packet is dropped. Am I right? If so, what should I do to let those email messages be sent?
View 6 Replies
Jun 27, 2012
I am using a PPTP server running on Windows 2008 Server and I have configured my ASA 5520 to let the PPTP traffic pass through.
The solution works quite well but exactly every 120 minutes the connection drops and people have to reconnect. Is there any setting to change? In the PPTP server I haven't found any setting to change.
View 2 Replies
Apr 8, 2011
Our local network is behind the Cisco ASA firewall. Whenever we are accessing the client VPN server, it gets connected but after a few minutes (maybe 5/10/30 min) the sessions are terminating. The same traffic through PIX has no issue, only with the ASA firewall. See the following error and I request you give the possible root cause for this.
2011-04-09 16:15:09 Local4.Info 172.16.1.68 %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE:68.22.26.66/4500 to inside:172.16.9.10/4410 duration 0:27:49 bytes 18653
View 1 Replies
Aug 9, 2012
We have several customers running ASA 8.4x code and all seem to be plagued with the ESMTP inspection bug CSCtr92976. I have tested this in the lab with an ASA 5505 running 8.4(1), 8.4(2) and 8.4(4)1 & 8.4(4)3 and the behaviour is always the same. I have an Exchange 2007 server and I can see in the logs the following messages:
2012-08-10T13:04:37.331Z,EXCHANGEDefault EXCHANGE,08CF3610468A42D7,3,192.168.102.28:25,192.168.250.26:52756,<,XXXX XXXXXXXXXXXXXXX,
2012-08-10T13:04:42.345Z,EXCHANGEDefault EXCHANGE,08CF3610468A42D7,4,192.168.102.28:25,192.168.250.26:52756,>,500 5.3.3 Unrecognizedcommand,
2012-08-10T13:05:20.506Z,EXCHANGEDefault EXCHANGE,08CF3610468A42D7,5,192.168.102.28:25,192.168.250.26:52756,<,XXX,
This is with the default ESMTP inspection enabled. I have also created a custom ESMTP inspection policy that does nothing but log and the behaviour is still the same. Sometimes traffic will pass but most of the time it won't. The workaround is to just disable the ESMTP inspection.
View 2 Replies
Jan 14, 2013
I have a client that is running an ASA5512-X. When I initially installed it, they were having issues sending out emails. I disabled ESMTP inspection and thought it resolved the issue. Recently, they upgraded to Exchange 2010 and are still having an issue with some emails getting hung up in the queue. If I watch the ASA when they try to telnet to the external mail servers that do not work, they get a SYN timeout.
I am not sure why this would happen since ESMTP is disabled. They are running 8.6(1) on the ASA.
View 5 Replies
Jun 13, 2011
I am having an issue with an ASA 5510, running 8.4(1) code, causing outbound mail to remain in the SMTP server queue (Exchange 2007). This only happens with some remote mail servers. The connection usually ends with the remote server eventually sending a TCP reset.
I've taken multiple inside and outside packet traces. Other traces contain either X's preceding various sections of the stream content or all X's in the content. The X's only appear when inspection is enabled.
Disabling inspection is the only thing that seems to allow mail to flow. I find this curious because I'm running this same ESMTP policy on other ASAs. However, they are on 8.3 code.
Most everything I find when searching on this subject says to disable ESMTP inspection. [code]
View 4 Replies
Dec 12, 2012
I have a problem with the connections to the remote webservice passing through an ASA 5520 firewall. Connections are usually interrupted for a period of half an hour every few days.
This ASA 5520 firewall is only one firewall in a path to the remote webservice.
During the interruption I find the logs:
UTC: %ASA--4-419002: Duplicate TCP SYN from dmz1:x.x.x.x/.... to outside:y.y.y.y/p with different initial sequence number
Teardown TCP connection 28309406 for outside:y.y.y.y/p to dmz1:x.x.x.x/.... duration 0:00:30 bytes 0 SYN Timeout
How could I find the root cause? Could implementing TCP State Bypass be a solution?
View 1 Replies
Oct 7, 2012
We recently replaced our Cisco 5510 with a 5520. I had the SSL Client VPN working on the 5510, but I cannot get it working on the 5520. The IOS version is 8.2(5) and the ASDM version is 6.4. I run through the SSL Client wizard and get everything set up. When I try to get to my outside interface, Internet Explorer just comes up with an error. When I try to connect through the Cisco AnyConnect client on my Android it used to come up with "No address available for SVC connection". After deleting an address pool not even related to my SSL VPN profile I cannot get that far. I just get a "login failed", even after I create a user with level 15 privilege and assign it to my VPN group policy. I still get the "No address available for SVC connection" when I try to connect to the default profile, which doesn't really go anywhere.
View 23 Replies
Apr 9, 2013
Device Cisco ASA
Model:5520
OS 8.4(2)
I am not able to access the device via SSH. After connecting to the console I have found that the allowed SSH sessions are fully utilized, per the show resource usage command, and the output is [code]
So I used the show ssh session command to see who is using the sessions, but in the output it showed only one session and the output was [code]
I was wondering why it shows only one session above instead of showing all the 5 sessions which are utilized, as confirmed by the show resource usage command. We are using some internal tool for SSH monitoring on the device which is polling the device after a fixed interval for port 22 reachability. I don't think these tools are causing any issue, as this is the secondary firewall and we are not facing any reachability issue for the primary firewall. Also, we are using 10 min for the idle SSH timeout.
View 13 Replies
Oct 25, 2011
I configured multiple VLANs on my Cisco ASA 5520. Everything works perfectly except RDP (3389) connections. The connections are established, but after a period of inactivity the user is disconnected from the server (black screen). The same problem happens with other types of connections (client/server), for example: Oracle, file sharing. Before installing the ASA, computers and servers were in the same VLAN and it worked well.
Is there a notion of an inter-VLAN connection timeout?
View 5 Replies
Jun 24, 2012
I have a Cisco ASA 5520 that I'd like to be able to connect directly to our gigabit fiber connection (we're currently connected through a media converter that's causing problems). I've found the following: Cisco ASA 5500 Series 4 Port Gigabit Ethernet Security Services Module [URL]. I only need a single fiber connection, as opposed to the 4 copper + 4 fiber.
View 1 Replies
Nov 28, 2012
I have a Cisco ASA 5520 that was working properly. I tried to create an IPsec VPN to test, but when I finished the wizard I lost the connection between the inside interface and outside. I use another interface for the DMZ and another for the printers network, and these adapters are working properly. I have reviewed the NATs and the ACLs but I don't see the problem.
I have deleted the IPsec VPN but it's still not working and I have the network down.
View 2 Replies
Jul 5, 2012
I am configuring a 2921 with enhanced security using the CCP. I have found a behavior that seems strange to me and I'm not sure if I'm misunderstanding something or missing a setting. It seems that if I create a firewall rule to "allow" traffic through, that traffic gets dropped, but if I set the action to "Inspect", the traffic comes through fine. I can actually reproduce this at will by setting up a rule from out-zone to self to allow traffic: I cannot telnet into it from an external IP, but if I change that rule to "inspect" I can connect fine (I don't want that rule set up permanently, I was just using it to test the firewall).
If I set the allow rule to log, I see the following line in the application security log:
(target:class)-(ccp-zp-out-self:user-fw-ccp) Passing telnet pkt 1.1.1.1:58141 => 2.2.2.2:23 with ip ident 0
(where 1.1.1.1 is the external laptop and 2.2.2.2 is my WAN IP address of the 2921)
So it looks to be passing the traffic, but that traffic is getting dropped somewhere because the connection is unsuccessful.
Is this the expected behavior of "Allow" action? Is there something I can do to make sure "allow" traffic actually gets through?
View 1 Replies
Oct 19, 2011
I have a server in a DMZ behind the ASA. Connections to this server work sometimes and then fail at other times, so I don't think I'm looking at an ACL or NAT problem here. The syslogs report a SYN Timeout. I have taken a trace on the ASA, and it seems that a SYN-ACK does come from the destination server within the 30 sec timeout, but it's not passed through the ASA back to the source? There is one odd thing: what seems to be an out-of-sequence ACK from the destination which arrives before the SYN-ACK at the ASA. I'm wondering if this might be the problem? This only occurs on the connections which fail; for the connections that work, the destination responds quickly to the initial SYN, and the 3-way handshake completes.
Syslogs :
Oct 18 19:17:32 nzlsudfedsi001-pri Oct 18 2011 19:17:32 NZLSUDFEDSI001 : %ASA-6-302013: Built outbound TCP connection 42327212 for IIP-ARCHIVE-PROD:172.24.32.31/21 (172.24.32.31/21) to BPO-TRANSIT:x.x.x.x/59392 (x.x.x.x/59392)
Oct 18 19:18:02 nzlsudfedsi001-pri Oct 18 2011 19:18:02 NZLSUDFEDSI001 : %ASA-6-302014: Teardown TCP connection 42327212 for IIP-ARCHIVE-PROD:172.24.32.31/21 to BPO-TRANSIT:x.x.x.x/59392 duration 0:00:30 bytes 0 SYN Timeout
[code].....
View 2 Replies
Mar 27, 2011
I've got a virtualised firewall running 3 security contexts in routed mode. What I am experiencing is that I cannot connect to an OUTSIDE host through the security contexts. From the firewall itself I cannot ping the directly attached host on the OUTSIDE interface, but I can ping the directly attached host on the INSIDE interface. When I reload the firewall box, the first ping to the OUTSIDE host is successful but subsequent pings fail and thus total connectivity is lost.
I even tried upgrading to ASA version 8.4(1) but still the same.
View 5 Replies
May 1, 2013
We have an ASA 5520 firewall. For broadband Internet access, we have a T1 router (edge router provided by the ISP) which provides public IPs 198.24.210.224 / 29. We have usable public IPs 198.24.210.226 - 198.24.210.230 with default gateway 198.24.210.225. We assigned 198.24.210.230 255.255.255.0 to the outside interface.
If we connect the ASA 5520 outside interface directly to the T1 router, can all packets with destination addresses in 198.24.210.224/29 reach the outside interface without using another device like a router or switches? I just assume that only packets with destination address 198.24.210.230 (outside interface IP) can reach the outside interface from the edge router. Is that a wrong assumption? If it is correct, then is there any way to route all packets with destination addresses in 198.24.210.224/29 to the outside interface?
View 3 Replies
Nov 11, 2012
Currently in our environment we have two buildings with an ASA 5520 in each and a core stack of 3750's in each building. I am currently working on a network segmentation project and am thinking of adding another stack of 3750's in each building to add more redundancy to our network. This will allow our access layer switches to have a trunk to each stack and prevent an outage if one of the links or stacks were to go down.
My question is how I would set this up on the ASA end of things while using a common subnet and HSRP on the 3750's. I understand how to use HSRP and STP on the switches to achieve this on the 3750 end of things. I saw you can do etherchannel on the ASA with 8.4 but how does that work in a failover situation?
View 2 Replies
Nov 3, 2011
I have a client that has an ASA 5520 that has two internet connections, FIOS and Comcast. The ASA is configured to failover from the FIOS to the Comcast if the FIOS fails. This works perfectly fine. However, I was wondering if VPN and other inbound traffic will come into the secondary connection when it is active. I think VPN will work inbound when the FIOS connection fails, but I am not sure about the other inbound connections.
View 1 Replies
Feb 1, 2011
I am using a wireless connection and my VPN connection gets dropped all the time. Are there any settings I need to change? I am using the Juniper Networks client. Are there any settings I need to change?
View 1 Replies
Jun 29, 2011
I have an issue with Cisco VPN Client V 5.0.06.0160 remote VPN access to an ASA 5510 8.2(3).
Everything works fine, but sometimes after about 4-5 hours the connection is dropped by the ASA. The client still pretends to be connected, but there is no connection seen on the ASA.
View 7 Replies
Dec 12, 2011
My ethernet connection dropped out of my Network Sharing Center and I cannot get it to come back. I don't know where to look or how to reactivate it.
View 3 Replies
Feb 23, 2011
I have a Dell Latitude D810 laptop that has XP Professional and an Intel PRO/Wireless 2200BG driver. It has been working fine for nearly 3 years. Recently I changed it from a domain to a workgroup and now the internet connection drops after about 5 - 10 minutes. When I say "drops", I am referring to the browser no longer being able to display the webpage. The internet connection still shows as "Excellent". I even tried pinging www.google.com and it can still ping the website, but the browser just stops working. I have tried Firefox and IE. I updated the DNS to use the default primary DNS suffix. The only way to get the browser to re-establish a connection is by rebooting the laptop.[CODE]
View 10 Replies
Mar 14, 2013
I'm using two RV180s for a site-to-site IPsec VPN. The IPsec VPN connection is working only if I try a manual connect. After some time the connection is dropped and there is no auto reconnect for it.
View 6 Replies
Mar 18, 2011
Since upgrading to 8.4(1) on our ASA 5520 I've had nothing but issues with our email server not being able to send out emails (timeouts, corruption, etc.). I tried everything and then it dawned on me to turn off ESMTP inspection on the ASAs. Since I've done that our Exchange server SMTP works perfectly again. Why is it that ESMTP inspection corrupts emails so badly from the Exchange server? (ours is 2010 SP1) Does anyone actually use ESMTP inspection at all?
View 3 Replies
May 20, 2011
The computer in question is one of 30 computers in the same office that is not currently experiencing this same thing. All are connected through the same switch, patch panel, etc. Testing has proven that the switch and line are fine. We have a server set up for all of the multifunction printers on the property and we simply map the printers through this unit. We have an Exchange server for email. File server... for... files. Okay, here is the situation. This IBM desktop will be connected to everything, able to print, email, connect to files, etc. Then, or so it seems, it will just lose its connection: no email, printing, etc. She is asked to put in her network credentials again, and usually this works. (It seems that the network dropping out may take up to 3 minutes to fully restore and she tries to put in her credentials too soon.) After each event she is able to restart her computer or type in her credentials and get back to work, after mapping the printer again.
View 4 Replies
Sep 1, 2011
We got a SonicWall router and we have been having stability issues. Every 1 minute the TCP connection is dropped as well as UDP packets. This router is connected to a T1 connection and it's requesting a DHCP lease every couple of minutes as well. We originally had two WAN connections, and we have disabled the second one because someone thought it was that, but obviously it has to do with the internal network. This is a dual WAN router.
View 4 Replies
Sep 2, 2012
We have one ASA 5510 but we get the attached error periodically for IPsec/SSL VPN connections, although I configured the connection timeout as none.
View 6 Replies
Jul 27, 2012
ISP - Comcast Cable Internet. Modem model SMCD3GNV wired/wireless combo (2 PCs connected, 1 wired, 1 wireless). When the connection is online, the speeds are fine; the issue is the 2-3 times a day when the connection drops off. The error that we are getting is "cannot connect with primary dns server"; however, in our attempts to restore the connection we have: [code] Are there some issues in the area that we are not aware of? Given that the signal levels are within range, where do you think the problem resides? FYI, both connections, the wired and the wireless, have connectivity issues equally.
View 6 Replies
Mar 21, 2012
My computer is one that I built with Windows Vista, and for the wireless connection I am using a USB adaptor. I am not too sure what other info I need to put here. My connection used to drop frequently (around every 5 min) and I would have really slow speeds (10ish kb/s). Recently, for some unknown reason, the dropping has stopped, but now I am getting speeds of around 9-15 kb/s.
The thing that has me COMPLETELY stumped is when I plug my laptop into the router, the wireless speed on my PC speeds up to, according to speedtest.net, 5.8 Mbps. If I unplug the laptop from the router, the speed on my PC slows down to .25 Mbps, yes - POINT .25 Mbps. I have attached the tester.
View 10 Replies
Mar 30, 2011
I've been having a number of issues with performance on my DIR-655 with streaming media, the internet connection being dropped and random reboots. Over the last couple of weeks it has been getting worse, to the point where I'm about to act out the printer scene from Office Space but with my DIR-655! It has been rebooting, completely killing WiFi networks and the Internet connection, almost every 20 minutes when I'm watching DivX over the network. The relevant information about my network is as follows:
-Hardware:
-D-Link DIR-655
-Hardware Version: A3 (US) , Firmware Version: 1.34NA
As an experiment I reconfigured the DSL-380T into PPPoE mode and set the DIR-655 into DHCP Client. This was over 2 hrs ago. So far - no random reboots, no jittering on the Media Center Extender playing videos, no internet drop outs. It seems to me that the DIR-655 doesn't cope well when it has to do the PPPoE network protocol as well as the routing, WiFi and other basic functionality that it should be able to cope with. I'll leave it running as it now is and report back later, but from the dramatic change in behavior I'm hoping that I've finally cracked my perf issues with the DIR-655.
View 1 Replies
Jun 9, 2013
I happened to notice the FWSM was dropping packets at about 387 packets every 5 minutes. My outside FWSM is WAN facing and has a 1 gig link (35% utilized); my inside facing has about 100 downstream switches to the closets. I do not see my 6509's backplane being over-utilized, and my understanding is the FWSM should be good for 5 gig, so it isn't oversubscribed. Why am I seeing packets dropped?
[Code] ......
View 2 Replies
Jan 14, 2012
We just upgraded from 8.2.4 to 8.2.5.20 on each firewall. The Primary and Secondary work when they are standalone, but when we connect the failover link from the Primary to the Secondary, invariably one of them will go into a constant boot cycle and one will be active, but external users will be intermittently dropped. As soon as we unplug the failover link, the firewall that stays up behaves normally. This is with 8.2.5.20 code or any other code for that matter.
View 2 Replies
Sep 5, 2012
We are implementing a new corporate headquarters and have bought a Cisco 5508. I have two connections plugged into the 5508 in port 1 and port 2. Port 1 is for all internal wireless networks, connects to our core 6500 and uses external DHCP server scopes. Port 2 is for our guest WLAN and connects directly to a public network switch in front of (outside) the firewall. For the guest network, I have set up a VLAN on the controller for DHCP, with the interface set up to that VLAN and the DHCP scope built on the controller. How, or can I, NAT the internal addressing for the guest network to the public IP address on the controller? Essentially I want to drop off guest network traffic outside the firewall and not have to deal with setting up the firewall for any aspect of guest network traffic.
View 1 Replies