Solved

How do I remove a line from a Cisco ASA 5505?

Posted on 2010-11-29
Last Modified: 2012-05-10
I know this should be easy but... I don't get into routers very often. I have a Cisco ASA 5505. I am having an issue receiving some emails. I was told that the email is failing at the router and that I need to disable SMTP Fix-up or ESMTP discovery. The only thing I find in the router config is inspect esmpt. When I type in "no inspect esmpt" I get an error:
ERROR: Invalid input detected at ' ^ ' marker.
Your help would be appreciated.
0
Question by:dw1958
 
LVL 33

Expert Comment

by:MikeKane
ID: 34234603
To remove any lines, you have to be in config mode...  so

pixfirewall>en
pixfirewall#config t
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class inspection_default
pixfirewall(config-pmap-c)#no inspect smtp



0
 

Author Comment

by:dw1958
ID: 34238905
Still no go. I get the same error:
no inspect esmpt
       ^
ERROR: Invalid input detected at ' ^ ' marker.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34239109
Would you post your sanitized code please. Maybe you have the class map under a different name, or maybe the inspect isn't even there. A quick look will tell me.
0
 

Author Comment

by:dw1958
ID: 34239722
Ok, here it is:

Result of the command: "show running-config"

: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name xxxxxxx.com
enable password 0duV6wY858Xg13N4 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.xx.xx.xx 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 76.xx.xx.xx 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 172.xx.xx.xx
 name-server 68.xx.xx.xx
 name-server 68.xx.xx.xx
 domain-name xxxxxxx.com
same-security-traffic permit intra-interface
access-list xxxxxxxx_splitTunnelAcl standard permit 172.xx.xx.xx 255.255.0.0
access-list inside_nat0_outbound extended permit ip 172.xx.xx.xx0 255.255.0.0 172.xx.xx.xx 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 172.23.0.1-172.23.0.10 mask 255.255.0.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 76.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy xxxxxxxxx internal
group-policy xxxxxxxxx attributes
 dns-server value 172.xx.xx.xx 68.xx.xx.xx
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxxxxxxxx_splitTunnelAcl
 default-domain value xxxxxxxxx.com
username xxxxxxx password xxxxxxxxxxxxx encrypted privilege 0
username xxxxxxx attributes
 vpn-group-policy xxxxxxx
username xxxxxxxxx password xxxxxxxxxxxxx encrypted privilege 0
username xxxxxxxx attributes
 vpn-group-policy xxxxxxxx
http server enable
http 172.xx.xx.xx 255.255.0.0 inside
http 74.xx.xx.xx 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  20
tunnel-group TunnelGroup1 type ipsec-ra
tunnel-group TunnelGroup1 general-attributes
 address-pool VPNpool
 default-group-policy xxxxxxx
tunnel-group TunnelGroup1 ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
client-update enable
prompt hostname context
Cryptochecksum:1f785b3eeec2a0d331dc435f6ebe6b40
: end
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 125 total points
ID: 34243947
Check my other post with this similar issue: http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_24525557.html

Same code:
    hostname(config)#policy-map global_policy
    hostname(config-pmap)#class inspection_default
    hostname(config-pmap-c)#no inspect esmtp



This is also noted in Cisco page : http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008067cf3b.shtml
    hostname(config)#policy-map global_policy
    hostname(config-pmap)#class inspection_default
    hostname(config-pmap-c)#no inspect esmtp


Make sure you are in the (config-pmap-c) prompt when you issue the "no inspect esmtp" command.
0
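Added example, not part of the original answer or of Cisco's documentation: a short Python script that reads a saved "show running-config", reports which policy-map and class hold a given inspect line, and lists the commands to enter in order, since "no inspect esmtp" is only accepted at the (config-pmap-c) prompt. The function names are hypothetical and the sample is an excerpt of the configuration posted above.

```python
# Added example; find_inspections/removal_commands are hypothetical helper names.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect esmtp
!
service-policy global_policy global
"""  # excerpt of the running-config posted in this thread

def find_inspections(config_text):
    """Return (policy_map, class_name, inspect_args) for each inspect line."""
    found = []
    policy_map = class_name = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        words = line.split()
        if not words or words[0].startswith(("!", ":")):
            continue  # separators and ": Saved" / ": end" markers
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:
            policy_map = class_name = None  # a top-level line ends the block
            if len(words) > 1 and words[0] == "policy-map" and words[1] != "type":
                policy_map = words[1]
        elif len(words) < 2 or policy_map is None:
            continue
        elif indent == 1 and words[0] == "class":
            class_name = words[1]
        elif indent == 2 and class_name and words[0] == "inspect":
            found.append((policy_map, class_name, " ".join(words[1:])))
    return found

def removal_commands(config_text, protocol):
    """Commands to type after 'configure terminal' to drop one inspection."""
    cmds = []
    for pmap, cls, args in find_inspections(config_text):
        if args.split()[0] == protocol:
            cmds += [f"policy-map {pmap}", f"class {cls}", f"no inspect {args}"]
    return cmds

if __name__ == "__main__":
    print("\n".join(removal_commands(SAMPLE_CONFIG, "esmtp")) or "not found")
```

An empty result means the inspection is not under any policy-map class in that configuration, which covers the "maybe the inspect isn't even there" case raised earlier in the thread.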
 

Author Closing Comment

by:dw1958
ID: 34248100
Many thanks!!
I was able to delete the ESMTP setting from the ASDM GUI. It wasn't exactly the same as in your other post but I found the setting and unchecked it, applied it, and saved it. It is no longer in the configuration. I was able to send an email from my iPhone and receive it. I had been trying to find out why iPhone email wouldn't get through and I guess I know the answer to that now as well.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34250112
Excellent - glad it worked.
0
