Cisco Firewall :: ASA5510 SMTP Traffic - Host Unreachable

Jul 8, 2012

Up until recently one of my sites was able to get to a postilion subnet. Then we started receiving "host unreachable" e-mails. Posting told us SMTP traffic was not getting let in. I've compared the current config to a config that was saved before the issue popped up and found really no noticeable difference.
 
I tried a packet tracer trace with no luck: SiteB- Firewall# packet-tracer input outside tcp 11.2.2.36 12345 65.19.0.0 25.
 
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
 [code]...
 
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
 
Attached is a sanitized config. I'm not entirely convinced it's a firewall issue, but I need to do some successful testing to prove otherwise.

View 19 Replies



Cisco Firewall :: ASA5510 / IPS SSM Could Not Connect To SMTP Host

Sep 3, 2011

We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?

View 3 Replies View Related

Cisco Firewall :: ASA5505 8.4.2 NAT To Forward SMTP And RDP Traffic To Internal Host

Nov 26, 2011

I am new to the ASA series and I am at a complete loss as to why I cannot configure this router to forward SMTP and RDP traffic to an internal host.
 
The packet trace tool in ASDM shows complete end-to-end connectivity for RDP but it still fails to connect from outside. This is my config file. What do I need to change in order to make it work?

View 19 Replies View Related

Cisco Firewall :: ASA5510 - Giving Error 421 SMTP And Connection Lost

Oct 10, 2011

I've got a problem with my mail server since I migrated to an ASA5510. Actually the server is in a DMZ with a private IP (10.x.x.2) and it is translated to a public IP (194.x.x.65). Some users received in their mailbox a system administrator error message:
Object : Impossible to deliver : test
Your message could not be deliver to one or more of its recipients: 421 SMTP connection went away!
When they try to resend it some time later, the message is sent without problem.

View 3 Replies View Related

Cisco Firewall :: ASA 8.4 / NAT SMTP Traffic From Outside To Inside?

Dec 25, 2012

Most examples of NAT translation using an ASA 8.4 are based on servers within a DMZ. In my case it's not, because the mail server also functions as a data and Active Directory server for my local domain. I tried to configure the ASA for a while and threw it in the corner for a couple of months out of frustration. Now that I have some time left during the Christmas break I decided to start again. My purpose is to NAT SMTP / POP traffic from the internet, through the ASA, to my (inside) server. This is what I've got so far. With this config I'm unable to telnet to the inside server (192.168.1.10) from a remote location.
  
ASA Version 8.4(3)
!
hostname ciscoasa
enable password cE8UUNd encrypted
passwd 2KFQ.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 95.*.*.218 255.255.255.248
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network server1_smtp
 host 192.168.1.10
object network server1_pop3
 host 192.168.1.10
access-list outside_access_in extended

[code]....
 
I can ping 192.168.1.10 from the ASA CLI. I can ping DNS 4.2.2.2 from the CLI (internet access). I can telnet to the server from the inside LAN, using: telnet 192.168.1.10 25. But I can't telnet from an outside location using: Telnet 95.*.*.218 25. Because my server is on the inside interface (different subnet), do I need an additional route?

View 5 Replies View Related

Cisco Firewall :: How To Log Incoming Traffic (SMTP) On PIX 515E

Mar 6, 2013

I'm new to ASAs and PIX units. I've set up a few VPNs now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console. Do I need to use a SYSLOG server? I can probably set one up on my laptop.

View 1 Replies View Related

Cisco Firewall :: ASA-5510 Dropping Outbound SMTP Traffic?

Aug 21, 2011

A recently added outbound rule has left my SMTP communications broken. I have since removed the rule, and had Cisco do some damage control, but it's still dropping some of the SMTP traffic. I get a number of NDR messages each day like the one below:

Your message did not reach some or all of the intended recipients. Subject: RE: Christopher, Curt Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached:
  
[URL]
on 8/21/2011 9:49 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<630.SM.Local #4.4.7>
 
Your message did not reach some or all of the intended recipients. Subject: RE: Christopher Curd Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached:   JWillar@email.com on 8/21/2011 9:49 AM  Could not deliver the message in the time limit specified. Please retry or contact your administrator.  <630.SM.Local #4.4.7>
 
I've attached an image of my configuration (ASDM GUI). The part of the image highlighted in green are the SMTP rules. The part highlighted in yellow is another rule that I added about a month ago to block a SYN attack. This rule may be part of the problem because of the order it is in the list. Not sure, though.
 
I have had two Cisco techs Putty into my ASA to check things out. I think they've done all they can. I wonder at this point if it would be wise to just reload the last good running-config I have from before the outbound rule was added.

View 13 Replies View Related

Cisco Firewall :: ASA 5505 Doesn't Allow Local Provider SMTP Traffic

Aug 7, 2011

We are using several Cisco ASA 5505 with the 8.05 OS on them. The problem is that the SMTP traffic of my ISP (Telenet) isn't passing through the ASA. I'm using Outlook 2010. Before, there was also a problem with our local Exchange server, but I solved this by disabling ESMTP checking in the policies. That didn't work for my local ISP, though.

View 4 Replies View Related

Cisco Firewall :: ASA5510 - Contacting Host Through VPN Failed

Apr 27, 2009

I would swear this worked at one point.  I have a corporate office, and I have IPSec tunnels out to my outside offices.  The corporate office has an ASA5510, and most of the remote offices are running off of Pix506s, one office has an ASA5505.
 
When anyone connects through WebVPN, using AnyConnect or not, they can contact any of the cifs shares for servers inside the corporate office.  They cannot, however, contact cifs shares on servers that are in the remote offices.

View 4 Replies View Related

Cisco Firewall :: 5510 How To Configure Local LAN SMTP Traffic Sending Through New Leased Line

Jun 11, 2012

We have configured an ASA 5510. We have configured Ethernet 0/0 (outside) connected to an ADSL line and Ethernet 0/1 (inside) to the local LAN. We have configured NAT and all the traffic is passing through the outside interface. Now we have connected the Ethernet 0/3 (leased line) interface with a static public IP, and we want to allow SMTP traffic to pass through this interface.
 
How do we configure it if we want our local LAN SMTP traffic to be sent through the new leased line (static public IP)?

View 2 Replies View Related

Cisco Firewall :: ASA5510 Doesn't Shun Host From Outside Interface

Sep 13, 2011

I've been trying to configure the threat-detection scanning-threat shun feature on my ASA5510 running 8.4(2) for some days now. From searching the support community I can see that I'm not the only one having a problem with this feature. The problem I'm having is that after configuring scanning-threat shun, no outside attacking hosts are being shunned. I'm using nmap to simulate a scanning attack. [code]
 
Is this the expected behavior of scanning-threat shun? If so this feature is of very little use to me as blocking my inside LAN is not my goal. I'm trying to protect my LAN from Internet attack. I can add the except command and exempt my LAN, but this still doesn't fix the problem of outside hosts not being shunned.

View 2 Replies View Related

Servers :: Destination Host Unreachable - Using Windows XP?

Dec 16, 2011

I'm running 10 computers. My server has no internet connection, while the other 9 units have a net connection. When I ping, the diagnosis is destination host unreachable. I'm using Windows XP.

View 1 Replies View Related

Thomson TG585 - Destination Host Unreachable

Dec 15, 2012

My old router recently died and my ISP was kind enough to offer this Thomson one free. But ever since I got it, my PCs can't see each other on the homegroup. They can all get onto the internet, and by using programs like Dropbox or Teamviewer I can share info from one to the other, but I'd like to get my homegroup working again. Both my PCs are running Win 7, connecting wirelessly to the network. When trying to tracert from one to the other it gives this message: Tracing route to GLaptop.lan [192.168.1.79] over a maximum of 30 hops: 1 GDesktop.lan [192.168.1.82] reports: Destination host unreachable. The problem persists when firewalls on both PCs are disabled, and I've attempted to delete the homegroup on both PCs and re-create it.

View 5 Replies View Related

Destination Host Unreachable - Can't Connect To Internet

May 11, 2012

My internet connection started to disconnect after an office mate used my PC. I thought it was just the cables but it's not. I pinged my IP address and it's okay (sent=4; received=4). But when I ping Yahoo! and other websites, it says "Destination host unreachable" (sent=4; received=0; lost=4; 100% loss). What should I do to make my connection okay? I didn't ask for assistance from our IT personnel because they said if I want to reconnect/reinstall the connection, I have to get an approved request from our bosses. And I don't like being asked because they are like tyrant bosses.

View 2 Replies View Related

Can't Communicate Between Wireless And Wired - Destination Host Unreachable

May 7, 2011

I have 2 brand new systems, a desktop running Windows 7 Pro connected with a hard line, and a laptop running Windows 7 Home Premium connected wirelessly. Both can access the router, both can access the internet, both can be pinged from the router. However, they absolutely cannot see each other on the network. If I try to ping by name, the addresses don't resolve. If I try to ping by IP, I get either no reply or "destination host unreachable." I've disabled the firewall completely on both. I've double, triple, quadruple checked all sharing settings (network discovery is enabled on both, sharing enabled everywhere, etc.). I've tried disabling all other network adapters on the laptop, no difference. I've tried all of the online tips about repairing winsock.

View 8 Replies View Related

Cisco Switching/Routing :: Destination Host Unreachable 2400

Jun 8, 2012

My company has a Cisco IAD 2400 which is handling our phones and the internet (from the service provider). We are adding a second router, a Cisco 1921, to our network. I think I have everything set up correctly. One department is using the 192.168.2.0/27 subnet. I can ping each computer within that subnet. Also, within this subnet, I can ping the router interface at 192.168.2.1. I can ping 192.168.1.2 successfully as well. This is the interface on the 1921 that goes to the 2400. However, if I try to ping 192.168.1.1 (interface on the 2400), I get "Reply From 192.168.1.236: Destination Host Unreachable". I get the same thing if I ping 8.8.8.8. Within the 1921, I can ping 192.168.1.1 and 74.125.224.72 (random Google IP) successfully.

View 1 Replies View Related

Cisco Firewall :: Create Static PAT To Allow Host Address To Access Network Through ASA5510

Aug 23, 2012

The old syntax that I am much more familiar with has been deprecated. On older IOS it would have been something like:

static (inside,outside) tcp 209.114.146.122 14033 192.168.30.69 1433 netmask 255.255.255.255

Plus an extended ACL to allow the traffic. I am trying to create a Static PAT to allow a host address to access our network through an ASA. I have external address 209.114.146.122 that I want to hit the external interface on an obscure port (say 14033) and translate that traffic to an internal host address on port 1433.

View 11 Replies View Related

Routers / Switches :: Ping 10.0.0.1 -t Give Destination Host Unreachable?

Mar 17, 2013

ping 10.0.0.1 -t gives me destination host unreachable. At the same time, when I write ping 192.168.1.1 -t it gives me the correct reply, but the net doesn't work.

View 3 Replies View Related

Ping - Destination Host Unreachable And Time To Live Exceeded

Oct 17, 2011

When do we get Destination Host Unreachable and Time to Live Exceeded while trying to ping?

From 10.1.1.1 icmp_seq=2 Destination Host Unreachable
From 10.1.1.1 icmp_seq=4 Destination Host Unreachable
From 10.1.1.1 icmp_seq=7 Destination Host Unreachable

View 1 Replies View Related

Linksys Wireless Router :: E3000 - Getting Destination Host Unreachable

Apr 12, 2012

Cisco Linksys E3000
 
I have different types of network clients connecting to both bands of router (5 ghz and 2.4 ghz), and both bands set to WPA2 only. Everything has been set up and working for the past year with no problems.
 
Suddenly this morning, none of the 2.4 ghz clients can connect and get authenticated. When I attempt to ping them from a Windows 7 desktop connected by a LAN cable, I get Destination Host Unreachable.
 
The 5 ghz clients are fine and have had no problems. I tested this with the New iPad connected to the 5 ghz band.
 
Rebooted the E3000 router and the Comcast cable modem, then installed the newest firmware on the E3000 using the web access portal at 192.168.1.1, and still not working.
 
Changed the WPA2 Personal security mode for the 2.4 ghz band to WPA2 Personal/WPA Mixed Mode, and now all the clients are connected and authenticated and working OK, albeit slower.
 
What happened? And how can I fix this so I can change the security mode for the 2.4 ghz band back to WPA2 Personal?
 
P.S. The types of clients that connect to the 2.4 ghz band are 2 Windows 7 desktops, a Windows 7 laptop, and 5 Cisco Wireless N Internet Home Monitoring Cameras. The camera feeds have slowed down considerably using this Mixed mode.

View 1 Replies View Related

Linksys Wireless Router :: WRT54G Unreachable Host And No Ping

Sep 26, 2011

I've tried everything that has been posted so far except for opening up the router itself, which I will refuse to do.
- Getting = Host Unreachable 192.168.1.20 (I am using 192.168.1.1 as the gateway)
- No ping whatsoever even when turning on the router over and over.

View 2 Replies View Related

Servers :: Ping Locally / Reply Successful - Destination Host Unreachable

Mar 4, 2011

I am using Windows Server 2008 and have configured the TCP/IP properties correctly. When I ping locally the reply is successful, but when I ping yahoo.com the reply is destination host unreachable, even though the gateway and DNS IP are also configured correctly. Please tell me a solution to this problem, because I am using the internet.

View 1 Replies View Related

Linksys Wireless Router :: WRT54G2 V1 Bricked / Destination Host Unreachable

Jan 2, 2011

I attempted to upgrade the firmware on the WRT54G2 V1 (the newer, slim black model) but it failed. I let the upgrade run for about 10 minutes and it just sat there, and the link to the router disconnected. I ran ping for 192.168.1.1 but the response is "DESTINATION HOST UNREACHABLE". The router is now completely unusable, all the LAN port lights are ON and the Internet light is also ON.

View 9 Replies View Related

Cisco Firewall :: 2821 Way To Allow Return Traffic From Internet For NAT Host

Jan 5, 2012

On a 2821 Router with 15.1(3)T1
 
I have an IPSec VPN and NAT configured. Return traffic from an internal NAT host seems to be blocked by the WAN inbound ACL. What is the proper way to allow return traffic from the Internet for this internal NAT host? Note: As a test, removing the deny entry on the WAN ACL allows return traffic.

View 7 Replies View Related

Cisco Firewall :: ASA5510 Allow Traffic From DMZ To LAN

Sep 18, 2011

My device has 3 interfaces configured: inside, outside, DMZ. Right now I can access the DMZ from the Internet and I can access the DMZ from the LAN using an exempt nat statement. I am having a few issues setting up DMZ > LAN access however. The servers running on the DMZ need to send information to my LAN, such as syslog traffic for example. Will DMZ traffic be NATed or should this somehow be excluded? Basically all LAN devices should get to the DMZ devices by their actual IP and vice versa. Are there any special statements I need to add to the ASA such as nat or ACLs to make this work? My LAN is 10.10.6.0/24 and DMZ is 192.168.254.0/24.

View 1 Replies View Related

Cisco Firewall :: Can Traffic Shape To 200Mbps On ASA5510

May 30, 2012

I have an ASA5510. It includes the Security Plus license. I want to traffic shape to 200Mbps. But I checked CCO, and CCO said that the shaping limit is 154400000: "Enables traffic shaping, where the average rate argument sets the average rate of traffic in bits per second over a given fixed time period, between 64000 and 154400000." Does that mean the shaping limit is 154400000? Can I shape to 200Mbps?

View 2 Replies View Related

Cisco Firewall :: ASA5510 Not Routing Traffic To Internet

Sep 2, 2012

I have just set up a Cisco ASA 5510. It basically only contains the settings provided in the startup wizard. It however does not let through traffic from the internal interface to wan 2 (wan 1 is not connected yet but traffic should also be able to go there).

View 2 Replies View Related

Cisco Firewall :: ASA5510 - Separate Traffic By Protocol

Apr 9, 2012

I would like to connect a second ISP link to our ASA 5510 to solely serve http traffic from our organization's employees (ie. web surfing). We currently have all employee traffic and two site-to-site VPN tunnels connecting to the internet from this firewall. I want to keep the tunnels as currently configured on the existing connection and split out http/https traffic from our staff onto a less costly link.

View 1 Replies View Related

Cisco Firewall :: ASA5510 / Inbound Traffic Being Blocked

Nov 7, 2012

I have an ASA5510 with 8.3 and a Cisco PIX525 (retiring). The ASA was for VPN traffic only while the PIX was for all other Internet traffic. I'm trying to move all the traffic to the ASA5510 so I used the PIX to ASA migration tool. I migrated the PIX rules over to the ASA5510, however we can't receive email and there is no external access to our internal websites. But the VPN connections remain intact and internal users can get out to the internet.
 
When I run Packet Tracer on my outside (incoming rules) the packets are dropped at the inside interface. What am I missing?

View 1 Replies View Related

Cisco Firewall :: Allowing Multicast Traffic To Pass Through ASA5510

Mar 1, 2011

I'm not able to configure the ASA 5510 to allow multicast traffic to pass through the ASA. The multicast traffic has to pass from the inside interface to the outside interface. Can I configure the multicast traffic to pass through the ASA with a static NAT?

View 1 Replies View Related

Cisco Firewall :: ASA5510 / Block HTTPS Traffic In CSC Module?

Dec 15, 2011

I have an ASA5510 with a CSC-SSM-10 module. I am able to block http traffic through the ASA but cannot block https traffic through it. I need to block https traffic using the CSC module.

View 19 Replies View Related

Cisco Firewall :: ASA5510 - Traffic Between Multiple Inside Interfaces

Oct 10, 2011

I've been trying to figure this one out for quite a while.  I currently have 2 inside interfaces (data, phone) and I am moving to 3 inside interfaces (servers, workstations, phones).  I have not been able to get any traffic between the interfaces.  With the current setup it was not a major problem.  With the new setup it will be a major problem.
 
Below is a sanitized version of the config.

ASA Version 8.2(1)
!
hostname BOB

[Code].....

View 11 Replies View Related

Cisco Firewall :: ASA5510 - Redirect HTTP Traffic To Internal Proxy?

Feb 13, 2011

I am using an ASA5510 and I want to know if it is possible to redirect http traffic to an internal proxy software. To explain: PCs on the LAN use an internal proxy in their IE browser, but some other PCs don't use it. They are directly connected to the Internet using the public IP from the WAN interface (via NAT). Can we redirect this HTTP traffic from the WAN interface to the proxy in the LAN?
 
HTTP traffic would be routed like this: PC -> WAN interface -> Proxy -> WAN interface -> Internet. In fact, can we create a rule saying: all http traffic which doesn't come from the proxy IP must be redirected toward the proxy?

View 6 Replies View Related






