Solved

How do I remove a line from a Cisco ASA 5505?

Posted on 2010-11-29
Last Modified: 2012-05-10
I know this should be easy but... I don't get into routers very often. I have a Cisco ASA 5505. I am having an issue receiving some emails. I was told that the email is failing at the router and that I need to disable SMTP Fix-up or ESMTP discovery. The only thing I find in the router config is inspect esmpt. When I type in "no inspect esmpt" I get an error:
ERROR: Invalid input detected at ' ^ ' marker.
Your help would be appreciated.
Question by:dw1958

Expert Comment

by:MikeKane
To remove any lines, you have to be in config mode...  so

pixfirewall>en
pixfirewall#config t
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class inspection_default
pixfirewall(config-pmap-c)#no inspect smtp




Author Comment

by:dw1958
Still no go. I get the same error:
no inspect esmpt
       ^
ERROR: Invalid input detected at ' ^ ' marker.

Expert Comment

by:MikeKane
Would you post your sanitized code please. Maybe you have the class map under a different name or maybe the inspect isn't even there. A quick look will tell me.

 

Author Comment

by:dw1958
Ok, here it is:

Result of the command: "show running-config"

: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name xxxxxxx.com
enable password 0duV6wY858Xg13N4 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.xx.xx.xx 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 76.xx.xx.xx 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 172.xx.xx.xx
 name-server 68.xx.xx.xx
 name-server 68.xx.xx.xx
 domain-name xxxxxxx.com
same-security-traffic permit intra-interface
access-list xxxxxxxx_splitTunnelAcl standard permit 172.xx.xx.xx 255.255.0.0
access-list inside_nat0_outbound extended permit ip 172.xx.xx.xx0 255.255.0.0 172.xx.xx.xx 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 172.23.0.1-172.23.0.10 mask 255.255.0.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 76.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy xxxxxxxxx internal
group-policy xxxxxxxxx attributes
 dns-server value 172.xx.xx.xx 68.xx.xx.xx
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxxxxxxxx_splitTunnelAcl
 default-domain value xxxxxxxxx.com
username xxxxxxx password xxxxxxxxxxxxx encrypted privilege 0
username xxxxxxx attributes
 vpn-group-policy xxxxxxx
username xxxxxxxxx password xxxxxxxxxxxxx encrypted privilege 0
username xxxxxxxx attributes
 vpn-group-policy xxxxxxxx
http server enable
http 172.xx.xx.xx 255.255.0.0 inside
http 74.xx.xx.xx 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  20
tunnel-group TunnelGroup1 type ipsec-ra
tunnel-group TunnelGroup1 general-attributes
 address-pool VPNpool
 default-group-policy xxxxxxx
tunnel-group TunnelGroup1 ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
client-update enable
prompt hostname context
Cryptochecksum:1f785b3eeec2a0d331dc435f6ebe6b40
: end

Accepted Solution

by:MikeKane
Check my other post with this similar issue: http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_24525557.html

Same code:
    hostname(config)#policy-map global_policy
    hostname(config-pmap)#class inspection_default
    hostname(config-pmap-c)#no inspect esmtp



This is also noted on the Cisco page: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008067cf3b.shtml
    hostname(config)#policy-map global_policy
    hostname(config-pmap)#class inspection_default
    hostname(config-pmap-c)#no inspect esmtp


Make sure you are in the (config-pmap-c) prompt when you issue the "no inspect esmtp" command.
0
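An added example, not part of the original thread or of Cisco's documentation: a small Python check that reads a saved "show running-config", finds which policy map and class actually hold the inspect line, and builds the commands for the matching sub-modes. The function names and the sample excerpt are constructed for illustration; a misspelled protocol name or a renamed class shows up as an empty or different result rather than a CLI error.

```python
# Constructed excerpt in the layout of the "show running-config" output posted above.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect esmtp
  inspect sip
!
service-policy global_policy global
"""

def find_inspect(config, protocol):
    """Return (policy_map, class) pairs whose class enables 'inspect <protocol>'."""
    hits, pmap, cls = [], None, None
    for raw in config.splitlines():
        line = raw.rstrip()
        indent = len(line) - len(line.lstrip(" "))
        words = line.split()
        if indent == 0:
            # Any top-level line (including "!") ends the previous block.
            pmap = words[-1] if words[:1] == ["policy-map"] else None
            cls = None
        elif pmap and indent == 1 and words[0] == "class":
            cls = words[1]
        elif pmap and cls and indent == 2 and words[:2] == ["inspect", protocol]:
            hits.append((pmap, cls))
    return hits

def removal_commands(config, protocol="esmtp"):
    """Build the config-mode lines that remove the inspection in the right sub-mode."""
    cmds = []
    for pmap, cls in find_inspect(config, protocol):
        cmds += [f"policy-map {pmap}", f" class {cls}", f"  no inspect {protocol}"]
    return cmds

if __name__ == "__main__":
    print("\n".join(removal_commands(SAMPLE_CONFIG)) or "inspect line not present")
```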
 

Author Closing Comment

by:dw1958
Many thanks!!
I was able to delete the ESMTP setting from the ASDM GUI. It wasn't exactly the same as in your other post but I found the setting and unchecked it, applied it, and saved it. It is no longer in the configuration. I was able to send an email from my iPhone and receive it. I had been trying to find out why iPhone email wouldn't get through and I guess I know the answer to that now as well.

Expert Comment

by:MikeKane
Excellent - glad it worked.