Cisco Firewall :: Cannot Get RDP And Email Out Through ASA 5510 5520

Jul 24, 2012

I've been trying to switch out our old firewall which is a 5510 for our new 5520, but we keep running into this problem on both devices with almost the exact same configs. Currently I have the 5510 installed, and I cannot get our email server and RDP server to ping out to our internet gateway.
 
Attached is a sanitized config. From the config you can see the internal address of the email server is 11.2.1.29, external address is 73.13.198.211. RDP server is internal address 11.2.1.33, external 73.13.198.212. Our internet gateway is 73.13.198.209.
 
From another computer with a 11.2.1.X address I can ping out to the internet gateway. The other two devices drop (I believe) when they hit the firewall.
 
Static mappings (again from config):
static (inside,outside) 73.13.198.211 11.2.1.33 netmask 255.255.255.255
static (inside,outside) 73.13.198.212 11.2.1.29 netmask 255.255.255.255
 
Original access list:
access-list outside_access_in extended permit tcp 64.19.0.0 255.255.240.0 host 73.13.198.212 eq smtp
access-list outside_access_in extended permit tcp host 67.228.177.117 host

[Code]....

View 6 Replies


ADVERTISEMENT

Cisco Firewall :: 5520 - Two Private To One Public Email NAT Going

Nov 8, 2011

How to setup this Nat on an ASA 5520 running 8.3.2 code? I know this must be possible as I can do the same thing on my Check Point with no issues. I need to Nat two dmz mail servers to one public mx record. I will have an F5 to load balance inbound and outbound traffic from the mail servers. So I need to Nat two private IP’s to one public.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Email Alert Configuration

Apr 26, 2010

I am trying to setup email alert on our ASA 5520 so that i can receive emails to my exchange account below is the configuration [code] The smtp server is in our internal network.first i am not able to ping 172.17.1.12 as ping is blocked.i did this confgi like two days before..but ca see alerts and error messages through asdm but no mail is  coming in.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Get Email When Network Is Down

Jul 24, 2011

I am not sure if this can be done in asa 5510.  Is there any way we can configure that when our public ip goes down i get an email?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Email Logging VPN Traffic

Feb 29, 2012

I use ASA 5510 and I would like to log VPN traffic ( for example, as soon as a remote user try to connect to the asa). I would like this log be send to a specific mail address. I already configure Email Logging for severity  ( level 3) and it works well.
 
How I can add the VPN traffic Log ?

View 4 Replies View Related

Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out

Mar 5, 2011

I am having two issues:
 
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
 
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....

View 2 Replies View Related

Cisco Firewall :: Can't Send Or Receive Email From Exchange Behind ASA 5510 With CSC

Jan 17, 2012

We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM.  We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Send Only Alarm Of Attack By Email

Apr 12, 2011

I have a Cisco asa 5510. I am doing attack a my firewall, using n map. I am seeing in the log the attack but i like that firewall send only alarm of attack by email . I have active email with warning and i received very much email.
 
I observed that graph show attack, but not ip of attacker, is possible that Cisco asa show the ip too ? The log show scanning with n map but not shunning IP and not send alarm. How i can send alarm ? The graph no show ip, it's possible show it.

View 10 Replies View Related

Cisco Firewall :: ASA 5510 - Unable To Receive Email From Outside Network

Mar 26, 2013

I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace.  I have been tasked to switch the firewall out with a cisco asa firewall 5510.  The sonic firewall currently allows email traffic, web traffic, and dns traffic.  When I use the current config below on the asa I am unable to receive email from the outside network.  I can send and browse websites but I cannot receive email. 
 
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj

[Code]......

View 3 Replies View Related

Cisco Firewall :: Use ASA 5510 Smart Call Home Feature For Automatic Backup Creation By Email

Feb 10, 2013

I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.

OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to fcaccam@example.com...
ERROR: Connecting to SMTP server xxx.xx.xxx.xx failed: CONNECT_FAILED(33)
ERROR: Failed: CONNECT_FAILED(33)

View 1 Replies View Related

Cisco Firewall :: FWSM 4.0 Email Server Cannot Connect To Email Gateway

Aug 8, 2012

I have a question about NAT behavior on FWSM 4.0. The problem is email server (Company A) cannot connect to email gateway (Company B) on the outside network and it randomly happen. I got this error from server guy "Detail: xlate has blocked the connection between A’s mail gateway and B’s mail gateway". It work fine again after clear xlate on firewall. [code]
 
1. How FWSM create xlate table like that? I mean it look like NAT0 for 158.137.21.26 but it doesn't has any nat rule for 158.137.21.26 on firewall.
 
2. What does it mean "connections 24" at the first of line? In the normal time, I only see the connections is 0 like the second line of xlate
 
3. After clear xlate global 158.137.21.26, the first line of xlate table is gone then email server can connect each other. Does is a bug on FWSM? or This is a normal NAT behavior of FWSM.

View 1 Replies View Related

Cisco Firewall :: Failover Between ASA 5510 And 5520?

Sep 27, 2012

Cisco still doesn't provide failover (active/standby) between two different types of ASA, right?
 
[URL]
 
"The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM"

View 1 Replies View Related

Cisco Firewall :: How To Get Top Talkers On ASA 5510 / 5520

Sep 24, 2012

We ahave ASA 5510 and 5520 @ our office. We are not using any netflow tools in order to get the talk talklers.As this firewalls are shared firewall (used by different Projects), we are not able to get , which project is using more traffic and which is less.

View 3 Replies View Related

Cisco Firewall :: LMS 4.0 Cannot See ASA 5520 / 5510 Configurations

Sep 30, 2012

I have an issue with the LMS 4.0, i added manually the ASA Fws 5520 and 5510, and i see them there, but i cannot see the configuration, inventory and technology details.Telnet is deactivaved in ASA´s, ssh and snmp v3 are enabled.Routers and switches were added without issues.

View 3 Replies View Related

Cisco Firewall :: Export Configuration From ASA 5510 To ASA 5520?

Oct 14, 2012

I have new ASA 5520 units currently we are using ASA 5510... I have to migrate all the configuration to the new ASA 5520 units....I am wondering is there a possible way to export and import certificates from ASA 5510 to 5520....
 
how to export or copy all the configurations, plug-ins, certificates from 5510 to 5520.Existing configuration snapshot...CA certificates from third party installed for authentication and identity certificate from Verisign

WebVPN
Anyconnect
Plug-ins
IPSEC tunnels
NAT

View 1 Replies View Related

Cisco Firewall :: Webfiltering On ASA 5505 / 5510 / 5520?

Feb 12, 2013

is it possible to configure a webfiltering on ASA 5505,5510,5520 ? So if its possible can you provide us a configuartion template.

View 3 Replies View Related

Cisco Firewall :: Would A 1GB 5510 Memory Stick Work In A 5520

Sep 19, 2012

Are the ASA memory DIMMs created for specific models?  Would a 1GB 5510 Memory stick work in a 5520?

View 1 Replies View Related

Cisco Firewall :: 5510 To 5520 Configure File Transfer?

Jan 3, 2013

Is it possible to import the config of a 5510 to a 5520. Trying to replace two 5510's with 5520's and wondering is there a way import the existing config files for the 5510's into the 5520's?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 / 5520 - Number Of Users That Can Be Created

Jul 5, 2012

How many user accounts i can create to a Cisco ASA box? Say for example a Cisco ASA 5510 or Cisco ASA 5520?

View 5 Replies View Related

Wireless :: Deleted Item Email Troy From Incoming Email?

Mar 21, 2011

I deleted an incoming email titled troy from my email inbox by mistake I need to recover this email as it came from my son in bali [URL] edited by moderator: Deleted Email address to prevent Spam

View 1 Replies View Related

Cisco Firewall :: Getting Email Delay On ASA 5500

Jun 6, 2012

I have an issue with a Cisco ASA 5520. It seems to block some emails incoming from some recipients. The sender's mail server clearly reports my ASA as cause of the problem (see attached image). Unfortunately I have not the logs about that event and the time frame to close this issue is very narrow.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Sending Email Alerts?

Oct 14, 2012

I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.

View 1 Replies View Related

Cisco Firewall :: Does ASA 5500 Have Email Alert Function

Oct 7, 2012

If asa finds the abnormal behavior, can set up and send email to administrative mailbox?

View 6 Replies View Related

Cisco Firewall :: Email Port Open For ASA 5505?

Jan 16, 2012

when I want to let email to come through the ASA5505 from outside to DMZ and Inside network, are the below command lines correct and good enough?
 
access-list  outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3

[code]....
 
Are there any other TCP ports want to be allowed and other command lines need to be added?

View 5 Replies View Related

Cisco Firewall :: ASA5505 Dropping TCP Connections For Email With Attachments?

Jun 23, 2011

6Jun 24 201118:08:44209.85.213.5458623174.141.xx.xx25Deny TCP (no connection) from 209.85.213.54/58623 to 174.141.xx.xx/25 flags RST on interface outside I am getting this error in my asdm logs whenever I try to send an email with an attachment. Regular email go through fine. If I send a 1mb file it seems to go through after several attempts. If I send a 5mb file it might go through anywhere between 4-15 hours. It doesn't matter where I send from. Sometimes it will say ACK or RST ACK on interface instead of RST. The ASA is running 8.3.1 code. I have tried inspect ESMTP and removed it, tried sysopt connection timewait. I am at a loss.

View 1 Replies View Related

Cisco Firewall :: ASA Version 7.22 Email Logging Source Interface?

Jan 10, 2012

I've got email logging for a few specific syslog messages working and sending to an email server on the inside network.  However, the source IP ends up being the DMZ interface.  Is there a way to force it to use the inside IP instead?
 
ASA Code Version 7.22
 Inside Interface IP:  10.104.36.4  Mask:255.255.255.0
DMZ IP: 10.100.20.1  Mask:255.255.255.0
SMTP Server IP: 10.100.10.100 
 
Logging commands in config:

logging enable
logging list email-alerts message 106100
logging mail email-alerts
logging from-address ASA@xyz.com
logging recipient-address tgw@xyz.com level debugging

View 3 Replies View Related

Cisco Firewall :: Configuring Ironport C160 Email Appliance

Sep 20, 2011

One interace is setup as the management interface on a 1 subnet  (which is our main network/domain).
Second interace is setup on a 2 subnet (eventually this will be configured to receive incoming/outgoingmail)

I copied most of the settings from our old firewall for testing purposes.  I can ping our old email firewall which on 2 subnet from our main subnet (1) successfully.

The only way I can get a successful ping with the Ironprot is to have the management interface hooked into our main network.  We don't want this.  We do have Ironport firewall and Webfilter setup similar and working fine.Is there someway I can configure this unit to allow both subnets to talk successfully to each other without having the managment interface connected all the time?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 / ACL To Allow Email Traffic Only To DHCP Clients?

Nov 14, 2011

So here's what I think I should do to give email access only to a segment of addresses of my inside network.
 
1) Create a network object for 62 machines that will represent my dhcp clients.I plan to use 192.168.0.65-192.168.0.126. So I will use address 192.168.0.64 with netmask 255.255.255.192. Then set DHCP server to service this address range.
 
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
 
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
 
3) Create an ACL which will Deny my DHCP range to talk to the outside.
 
4) Create an ACL which will Permit Any to talk to Any Less Secure Network(essentially recreating the implicit Permit ACL that got zapped).

View 1 Replies View Related

Cisco Firewall :: ASA 5512x Restrict Email Delivery To Ip Address Range

Feb 2, 2013

I was wondering how to tighten the security of my email delivery to a range of ip addresses (I know how on my old firewall but the cisco is quite a bit different).  Right now anyone sending email to a particular ip address on my firewall can do so.  I want to restrict that to two ip address ranges it will accept deliver from.  I'm thinking I need two network objects for the two ranges then add to a network object group.  Configuring the ACL for delivery using that group if I'm correct about that ?

View 4 Replies View Related

Cisco Firewall :: ASA5512-X Outbound Email With ESMTP Inspection Disabled

Jan 14, 2013

I have a client that is running an ASA5512-X.  When I initially installed it, they were having issues sending out emails.  I disabled ESMTP inspection and thought it resolved the issue.  Recently, they upgraded to Exchange 2010 and are still having an issue with some emails getting hung up in the queue.  If I watch the ASA when they try to telnet to the external mail servers that do not work, they get a SYN timeout. 
 
I am not sure why this would happen since ESMTP is disabled.  They are running 8.6(1) on the ASA.

View 5 Replies View Related

Cisco VPN :: 5510 / 5520 - 121 Ipec Vpn

Nov 1, 2012

I'm running into trouble with one of my l2l ipec vpn between a cisco 5510 and 5520 asa running version 8.2.2.
 
Our existing l2l vpns are connected fine and working fine. Currently SITE A (10.10.0.0/16) connects to SITE B (10.20.0.0/16). SITE A also connects to SITE C (10.100.8.0/21). These are OK.
 
What's failing is when I try to connect SITE B to SITE C. The tunnel does come up and phase 1 and 2 complete successfully. However while running: 'packet-tracer input inside icmp 10.20.8.2 8 0 10.100.8.1 detailed' i get the following:
 
Phase: 10
Type: VPN
Subtype: encrypt
Result: DROP
Config:

Additional Information:
Forward Flow based lookup yields rule:
out id=0xad1c4500, priority=70, domain=encrypt, deny=false
hits=609, user_data=0x0, cs_id=0xad1c2e10, reverse, flags=0x0, protocol=0
src ip=10.20.0.0, mask=255.255.0.0, port=0
dst ip=10.100.8.0, mask=255.255.248.0, port=0, dscp=0x0

I noticed when the tunnel came up, the 10.100.8.0/21 route was not added in the routing table and the cyrpto ACL was not applied on the remote ASA. I added the route manually but cant get the cryto ACL to apply.
 
More usefull info:
 
SITE C
object-group network NoNatDMZ-objgrp
network-object 10.10.0.0 255.255.0.0
network-object 10.10.12.0 255.255.255.0
network-object 10.20.0.0 255.255.0.0

[Code] ......

View 7 Replies View Related

Cisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8

Nov 2, 2012

We were using ASA-5520-K9 with  ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.

View 1 Replies View Related

Cisco Firewall :: 5505 - Users Unable To Access External Email Servers ASA?

Nov 28, 2011

I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
 
I have narrowed it down to the fact that these uses are using  ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA.  I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
 
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
 
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
 
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved