Cisco ASA blocks TLS through SMTP ???

Posted on 2009-02-10
Last Modified: 2012-05-06
Hi Experts,

I'm in the process of testing and establishing a TLS connection with the third party email filtering company. They are escalating my firewall is masked out STARTLS as a SMTP security precaution.

My firewall is running 8.0(4) IOS, how do i identify this situation and disable the SMTP protection to establish TLS between my email server and them ??

Thanks a lot !  
Question by:Shakthi777
    LVL 10

    Accepted Solution

    Turn off ESMTP inspection in your policy-map:

    policy-map global_policy
    class inspection_default
    no inspect esmtp

    Author Comment

    First I did,
    $policy-map type inspect esmtp esmtp_map

    But it didn't work,

    and after that i did
    $no fixup protocol smtp 25

    now it's works !

    What is the diferent between those commands ??

    Thanks a lot for your time !
    LVL 10

    Expert Comment

    The policy-map commands are used in version 8.0 of the Cisco PIX/ASA OS, the fixup command is an obsolete command used in version 6 and earlier. If you are running 8.0(4) you should not have fixup commands, you may want to check the version information.

    Author Comment

    I'm sure that I'm running 8.0(4), and I'm sure that $no fixup protocol smtp 25 worked for me. (but I'm a new to Cisco any way .. )

    thanks for you support !

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Asa 5520 Configuration 3 53
    Cisco 2960 Vlan create. 3 39
    Find VLAN ID's 6 25
    There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
    Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now