Cisco Firewall :: ASA5510 - Giving Error 421 SMTP And Connection Lost
Oct 10, 2011
I've got some problem with my Mail Server since I've migrated to an ASA5510. Actually the server is in a DMZ with a private IP (10.x.x.2) and it is translated to a public IP (194.x.x.65). Some users received in their mailbox a system administrator error message:
Object : Impossible to deliver : test Your message could not be deliver to one or more of its recipients: 421 SMTP connection went away!
When they try to resend it some time later, the message is sent without problem.
View 3 Replies
Sep 3, 2011
We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?
View 3 Replies
Jul 8, 2012
Up until recently one of my sites was able to get to a postilion subnet. Then we started receiving "host unreachable" e-mails. Posting told us SMTP traffic was not getting let in. I've compared the current config to a config that was saved before the issue popped up and found really no noticeable difference.
I tried a packet tracer trace with no luck:
SiteB- Firewall# packet-tracer input outside tcp 11.2.2.36 12345 65.19.0.0 25
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
[code]...
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Attached is a sanitized config. I'm not entirely convinced it's a firewall issue, but I need some successful testing to prove otherwise.
View 19 Replies
Oct 11, 2011
I've got some problem with my Mail Server since I've migrated to an ASA5510. Actually the server is in a DMZ with a private IP (10.x.x.2) and it is translated to a public IP (194.x.x.65). I use this configuration:
static (DMZ,LAN) 194.x.x.65 10.x.x.2 netmask 255.255.255.255
static (DMZ,LAN) 194.x.x.66 10.x.x.3 netmask 255.255.255.255
static (DMZ,WAN) 194.x.x.65 10.x.x.2 netmask 255.255.255.255
static (DMZ,WAN) 194.x.x.66 10.x.x.3 netmask 255.255.255.255
static (LAN,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.248.0
Some users received in their mailbox a system administrator error message:
Object : Impossible to deliver : test Your message could not be deliver to one or more of its recipients: 421 SMTP connection went away!
When they try to resend it some time later, the message is sent without problem.
View 4 Replies
Apr 22, 2013
I am currently on the Time Warner Cable 10 Mbps package, and am using their wireless DOCSIS3 modem/router. It is connected in my bedroom to the main computer. That computer stays connected. However, throughout the rest of the house (we have a two-story townhome) it will drop completely or give limited connection... constantly. Sometimes I can have my laptop next to me and it will go out or give limited connection. The connection speed never drops, it just goes completely to no connection. Not for sure what is going on, if it's on my end or Time Warner. It has been doing this for quite some time; the cable company comes out and changes the modem, but that's it, and a couple of days later it goes back to doing it again.
View 8 Replies
Jul 24, 2011
I had been working on our client servers through Cisco VPN using an internet datacard. But for the past 3 weeks, after logging into Cisco VPN using my username/password, when I try to connect to any of the servers, it gives a connection timed out error.
Whereas, my team members across other locations are able to connect to the servers using my VPN username/password.
I thought there might be some issue with my laptop or internet datacard. I got my laptop formatted, even tried out fresh new laptops and new internet datacards, but the issue remains the same.
I have tried using vpn_5.0.06.0160-k9 and vpnclient-5.0.05.0290-k9 to connect but the issue did not get resolved.
View 4 Replies
Aug 28, 2012
I have 2 datacenters running the same equipment (two Nexus 5596 with FEX). I just took a look at the log to see if everything is OK and I saw that I have the same error message (a lot of times) at both locations:
%SYSMGR-FEX100-5-HEARTBEAT_LOSS: Service "satctrl" heartbeat loss 2 ,max 7
I thought it was a problem with my peerlink-keepalive connection but I see the word FEX... so I'm not sure...
Note that at both locations, my Nexus are connected back to back through the management port using transceivers. So it's a copper cable from the first nexus, going into a transceiver, going to another transceiver in fiber and then back to copper to the other nexus.
View 2 Replies
Apr 3, 2011
I have a L2L IPSEC tunnel between a failover pair of two ASA5510s and a single ASA5505. Over time they will lose connectivity through the tunnel. The tunnel itself stays up, but cannot pass any traffic. When looking at the tunnel I always see this on the set of 5510s (marked in bold @ IPSEC ID 3)?
View 5 Replies
Apr 3, 2011
I have a Cisco ASA5510 with OS version 8.4(1). When I try to apply the static command, this command is not found; the NAT issues used nat(inside,outside).
So why can't I find this command?
View 1 Replies
May 28, 2012
I have an E1200 and am having timeout and packet loss issues. The internet connection is fine for 30 seconds to five minutes and then everything times out for 15-20 seconds. Although it’s only a minor inconvenience to web browsing, it makes playing games and watching videos a nightmare. “Lost connection to server error.” and the like…
I upgraded to a new router, the E1200 I am currently using, from my Tenda 10/100 N. The problems were the same that I am experiencing currently and the reason I bought it in the first place. When I directly connect to the cable modem, I have no issues and everything is fine. I have run a trace route and the second hop (the router to the modem) is the choke point. I have cloned the MAC address. I have updated the firmware and hard reset.
I have throttled my MTU to automatic, 1500, and 1472. None making any difference. I have disabled NAT and all that does is kill my internet connection. I have disabled all firewalls, router and Windows, no change. I replaced the physical wire from the router to the modem. I have disconnected all devices except one computer, and no difference. I ran a DNS trace and I have… non routable local internet address 192.168.1.1 DNS-cac-lb-01.rr.com and DNS-cac-lb-02.rr.com. I am using Windows 7 and my ISP is Time Warner so-cal.
View 8 Replies
Apr 24, 2013
Up to today I used Verizon 4G to a Windows Vista box running Internet Connection Sharing to get my home lab connected to the Internet. All was working well.
Today I had Hughesnet come and install their service and I can no longer get access to the Internet from my PC network. My VPN to my office for my IP phone comes up and works just fine. At the router I do have Internet access, which then leads me to believe that my problem is NAT related.
My router is a 2851.
When I enter PING 4.2.2.2 I get !!!!! but when I enter PING 4.2.2.2 SOURCE 192.168.69.3 I get .....
Here is my config info:
crypto isakmp policy 1
encr 3des
hash md5(code)
View 1 Replies
Jun 20, 2012
I'm trying to connect two routers, a Cisco DPC3825 (r1) and a DIR-655 (r2), and at the end getting the error. I have disabled the SPI firewall on r1 and connected an ethernet cable LAN to LAN between the two. I don't want to confuse with whatever the mess I have done previously. Tell step by step what I should do to connect these two routers. PS: in addition, the gateway IP of r1 is 192.168.0.1 with subnet mask of 255.255.254.0 and the gateway IP of r2 is 192.168.0.2 with subnet mask of 255.255.255.0. r1 has an IP range of 192.168.0.10 to 192.168.0.128 while r2 has a range of 192.168.0.100 to 192.168.0.199.
View 7 Replies
Dec 26, 2012
After a successful installation of NCS 1.2 into a VMware environment and running the setup, I have the following error while trying to start or to get a status for NCS (ncs start or ncs status):
sh: /opt/CSCOlumos/bin/wcsadmin.sh No such file or directory
View 10 Replies
Jul 14, 2011
I have a WiFi printer connected to an CWAPP Cisco AP AP1250. I am using WPA2-PSK to connect to this AP. I find that the printer connects to the AP at times and at times it does not. I got an error message from the Capture an error on the backend controller of the network: "Authentication Request received invalid RSN IE Mismatch WP2 algorithm"
View 3 Replies
Jul 5, 2012
I have one 5500 and about 15 Cisco 3502 APs.
The problem is that one of the clients loses the connection to the network from time to time. The error in the WLC log is
*Dot1x_NW_MsgTask_0: Jul 06 17:42:38.934: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 24, Key type 1, client 00:21:6a:af:be:70
View 4 Replies
May 15, 2013
I have an 1841 that was working fine - I could SSH to it with my Radius login and console into it with local credentials ("Fred"). I added another user ("Mike") with priv 15 so the end user could log in locally via console if needed. After that, we can both log in via console, but when we try to enter privileged mode we get "% Error in Authentication", before even entering the password. I can still log in via Radius SSH with no problems and access privileged mode via SSH. What am I missing so we can have two different users be able to log in locally with different credentials and access privileged mode, and keep my SSH Radius working?
View 3 Replies
Apr 4, 2011
We're seeing an "OutDiscard" error on a LAN switch connected to newly migrated Cisco IP phones. All the other error counters are clean except for the OutDiscard (please see attached "show int count err" output). [URL].
According to the link above, the common cause of such discards can be to free up buffer space. (Am I seeing a switch buffer issue?) How to identify/resolve the cause of the OutDiscard? The switch is a 3750-E running c3750e-universalk9-mz.122-44.SE6.bin
View 1 Replies
Oct 5, 2011
I was using my internet on my Acer Windows 7 operating system wirelessly just fine on Monday. I tried to use it on Tuesday and could not connect to the internet wirelessly any longer. I get an error message next to my network stating "The settings saved on this computer do not match the requirements of the network". I have never encountered this kind of problem before. I proceeded to call Comcast, who did all kinds of trivial beginner troubleshooting such as restart the router, restart the modem, turn the computer off and on.
View 3 Replies
Mar 4, 2012
Just bought my first wireless router. When I insert the CD and start setup, after a few seconds I get Error 301: internal error. I have rebooted and still no luck. I've tried going to 192.168.1.1; I got in one time but didn't understand half the stuff. Now I can't go back into that page.
View 8 Replies
Feb 27, 2011
I changed a configuration and suddenly I lost the internet connectivity... Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password qVQaNBP31RadYDLM encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif ATT
 security-level 0
 pppoe client vpdn group ATT
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit inter-interface
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
access-list ATT_access_in remark Linkstation Access
access-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1
access-list ATT_access_in remark Linkstation
[code]....
View 3 Replies
Nov 28, 2012
I have a Cisco ASA 5520 that was working properly. I tried to create a VPN IPSEC to test, but when I finished the wizard I lost the connection between the inside interface and outside. I use another interface for DMZ and another for the printers network, but these adapters are working properly. I have reviewed the NATs and the ACLs but I don't see the problem?
I have deleted the VPN IPSEC but it's still not working and I have the network down.
View 2 Replies
Jun 13, 2011
I have a monitoring rule that checks the number of connections on the firewall using the following command: show conn count
My results are always between 3,000 and 9,000. A while back, I had an issue where all 130,000 connections were being used up. I configured a service policy to limit the number of connections between any two end points.
I'm monitoring the error logs and I'm noticing that my connection limit rule is being triggered on a regular basis. I receive the following message:
Per-client connection limit exceeded 20000/20000 for output packet from x.x.x.x to x.x.x.x on interface outside
I'm confused as to the difference between the connections limited by my rule and the connections shown by "show conn count". Why do I never see any connections higher than 9,000 using "show conn count" yet I am seeing alerts stating that the firewall has reached 20000 connections? My firewall is an ASA5510 running.
View 1 Replies
Feb 21, 2011
We find ourselves in a difficult situation with the Cisco VPN Client version 5.0.07.0290 where it keeps giving us an
"Error 42: Unable to create certificate enrollment request"
When we attempt to use the Online enrollment method to create and enroll a new certificate. There is no additional information in the VPN client logs where we have set 3-High for all logs. In addition, Wireshark does not show any packets sent from the machine running the client to the Cisco 3825 router which runs the Cisco CA.
To create and enroll a certificate we do the following:
1. Click on the Enroll button to show the Certificate Enrollment dialog
2. Select Online
3. Select <New> for Certificate Authority
4. Enter http://192.168.120.1 as CA URL (note, 192.168.120.1 is the IP of the Cisco 3825)
5. Click Next to display the dialog where we can enter certificate details
6. Enter details in all fields except IP Address and Domain
7. Click Enroll which shows a dialog with the Error 42 ... message in it.
If we attempt to create a request by using the File method, all works fine, that is, the client creates a file with the enrollment request. The fact that the client does not send any messages to the Cisco CA leads us to believe that we have a problem on the client machine. However, the client does not write any information in the logs, so it is a bit hard to fix the problem. I can provide additional configuration information if required for both the client and the Cisco CA. Note that we have not modified any client configuration. Basically, we installed the client on a Windows 7 64bit machine and attempted the steps listed above.
View 2 Replies
Jan 30, 2012
Trying to connect two systems together but it was giving an error to contact the network administrator. One system is a laptop with wireless and the other is a desktop connected through cable but running Windows XP.
Samson
View 1 Replies
Mar 19, 2013
I bought a Belkin N150 recently. I tried to configure it with my ISP. They are surprised that I don't have a DHCP option in the WiFi configuration and asked me to upgrade my firmware. When I tried to upgrade, I downloaded the firmware from [URL] and tried to upgrade. It is showing a file format error.
View 2 Replies
May 18, 2010
Running ASDM V6.3 connecting to a couple of ASA5580s V8.2. After initial configuration everything seemed to work great; however, as of a few days ago I can no longer view statistical information. I can attach to the devices without a problem, view and edit all configuration information, but the dashboard applets do not pull or display any statistical info. Resource, Interface, and Traffic status all time out with the error "Lost Connetion to Firewall". The syslog info is not displayed; rather the error "Syslog Lost Connection". My first thought was a Java issue on the client. I have ripped out and reinstalled, even back-revisioned, to no avail. I'm to the point where a dump of the management workstation is the next step. I'd like to avoid that extreme if possible.
View 3 Replies
Mar 10, 2011
Our ASA 5510 is running 8.0(5). We recently upgraded the license from base to security plus. By doing so the capacity of the external ports Ethernet0/0 and Ethernet0/1 should increase from the original FE to GE. But we were still seeing 100 Mbps on our Ethernet0/0 interface. We figured out that the provider switch is only supporting 100 Mbps, which is a bottleneck for us. The provider will be upgrading their switches to a 1 Gb switch.
We will have to swap the switch connections now from the 100 Mbps to the 1 Gb switch. What commands should we familiarize ourselves with? Though this will be done in our maintenance window, all the translations/connections will be dropped in our production environment so we are kind of scared.
View 3 Replies
Sep 11, 2012
Hardware: RV082 V03
Firmware: RV0XX-v4.2.1.02
Lan: 192.168.1.0/255
Static routing: 192.168.1.239 to 172.25.152.64/224
The unit is configured as internet gateway. 4 NAT ports are active. When firewall disabled all works fine. When firewall enabled I do get connection lost at random interval. In firewall only 4 rules added to the default 3 rules. The added rules are:
1/ permit 192.168.1.22 port 25 to any
2/ permit 192.168.1.27 port 25 to any
3/ permit 192.168.1.10 port 25 to any
4/ deny any port 25 to any
At random times I do get connection lost when navigating with Windows Explorer on a PC with IP 192.168.1.x to a share on a PC with IP 172.25.152.74. The same happens when copying files. Sometimes it works, later it fails or retries are needed. When the firewall is switched off all runs fine.
Ping from 192.168.1.x to 172.25.152.74 always gives a <1ms response.
Is there an RV082 performance problem or do I have a configuration problem?
View 4 Replies
May 14, 2012
I have ASA 5510s with 8.2.4 and 8.0.x OS and all seem to have a common problem of idle TCP connections not timing out. The host to host connections are coming over VPN tunnels. I have default timeouts on all the firewalls. I have tried changing global timeouts as well as host specific timeouts using MPF, but it doesn't work at all! The problem is when TCP connections are sitting idle in the conn table for days, and when the connection limit of 50,000 conns is reached the firewall starts behaving unpredictably, dropping packets or unresponsive! I need the unused idle connections to time out, which is NOT happening either by changing global values or MPF.
View 1 Replies
Sep 4, 2011
Actually all service from site to site is permitted, without restriction. I want to insert an ASA to block some internet traffic on the main site. I try to configure my ASA5510. No problem for outgoing connections or to permit a single service on the main site. But it is impossible to give access to all services/connections from all remote sites to the main site. [code]
View 7 Replies
Mar 8, 2011
I changed my old firewall for an ASA5510; since that change my internet connection is slower. Some websites take longer to display. I would like to know if there is some specific configuration about TCP connection or DNS to set up?
I just configured the ISP DNS:
Dns server-group DefaultDNS
name-server 194.2.0.20
name-server 194.2.0.50
View 4 Replies
Feb 10, 2010
I installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode. When I enable logging for ASDM as debugging I cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection". I tried to reconnect using the icon at the bottom but nothing changed.
View 9 Replies
Aug 2, 2011
We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). The original configuration.
View 2 Replies