Mango-Man
asked on
How to Disable SMTP & ESMTP Packet Inspection on a Cisco Box
Hi all,
I have a problem, I have the solution but I don't know how to implement it!
Essentially we have a Cisco router causing the much documented "500 Firewall Error" preventing some outbound SMTP traffic from Microsoft Exchange.
From what I can see on the hundreds of pages online about this, the solution is to disable the outbound SMTP and/or ESMTP packet inspection via the CLI using the command:
no ip inspect name esmtp
Unfortunately, not a single one tells you how to get to the correct point in the CLI to use this command or how to find out the interface name - I've tried all sorts of variations but I'm getting nowhere.
Any help would be much appreciated!
Bob
ASKER CERTIFIED SOLUTION
Hey Bob:
Glad I could help. Just for reference's sake, it wasn't the service-policy portion of the interface configuration that was important, but the ip inspect statement.
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 69.57.240.34 255.255.255.252
ip access-group 104 in
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly in
duplex auto
speed auto
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
end
ASKER
Many thanks - that "show run int x" was all I needed!!
For any UC500, UC520 or UC540 users, you simply need to do the following via the CLI (telnet, etc):
Enter the following command when in privileged mode but NOT in config mode:
show run int FastEthernet0/0
This will give you a response like the following:
Building configuration...
Current configuration : 309 bytes
!
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 69.57.240.34 255.255.255.252
ip access-group 104 in
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly in
duplex auto
speed auto
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
end
Then based on the emboldened element in the output above, you enter the following when IN CONFIG mode (enter config t to enter configuration mode):
no ip inspect name SDM_MEDIUM esmtp
You won't get confirmation; you should get no response (no error), which in Cisco-land is a good thing.
Thanks again Jody
Bob
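The lookup described in the thread (find the inspection rule bound to the interface, then remove only esmtp from that rule) can be scripted against a saved running configuration. This is an added example, not part of the original posts: the function names, the global "ip inspect name" lines and the Vlan1 block in the sample are constructed, and it assumes the full "show running-config" text is available.

```python
import re

# Constructed sample: the interface block quoted in the thread, preceded by
# hypothetical global rule definitions (the thread does not show those lines).
SAMPLE_CONFIG = """\
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM tcp
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip nat outside
 ip inspect SDM_MEDIUM out
!
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
!
end
"""

RULE = re.compile(r"^ip inspect name (\S+) (\S+)")   # global rule definition
BINDING = re.compile(r"^ip inspect (\S+) (in|out)$")  # rule applied on interface


def parse_inspect(config):
    """Return (rules, bindings): rule -> protocols, interface -> [(rule, dir)]."""
    rules, bindings, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            bindings[current] = []
        elif line in ("!", "end"):
            current = None  # end of the interface block
        elif (m := RULE.match(line)):
            rules.setdefault(m.group(1), []).append(m.group(2))
        elif current and (m := BINDING.match(line)):
            bindings[current].append((m.group(1), m.group(2)))
    return rules, bindings


def removal_commands(config, interface, protocol="esmtp"):
    """Config-mode commands that drop one protocol from the rules on an interface."""
    rules, bindings = parse_inspect(config)
    if interface not in bindings:
        raise KeyError(f"interface {interface} not found in configuration")
    return [f"no ip inspect name {rule} {protocol}"
            for rule, _ in bindings[interface]
            if protocol in rules.get(rule, [])]


if __name__ == "__main__":
    print(removal_commands(SAMPLE_CONFIG, "FastEthernet0/0"))
```

An empty result means no rule bound to that interface inspects the protocol, so there is nothing to remove; the other protocols in the rule are left in place.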