Hello. We recently purchased an ASA 5510 and opened up mail.domain.com to outlook web access
I am seeing constant connection attempts from 220.127.116.11, random ports on their side, ports 25, 587, 465 on ours. Connections are denied by access list because only port 443 forwards, but I have been seeing these for a few days, just straight "deny"..
I checked, and config looks correct, I can't telnet or connect to any of those ports - so if that's the case, why does the other party keep probing?
the exact deny message I see in adsm is "deny tcp src outside:18.104.22.168/49555 dst inside:owaserver.internal.domain/587 by access-group "INCOMING"
Connections are bouncing off as it should it seems, but worried anyway? Any way to block that IP all together so it wouldn't even show up on the logs (I do have an ip deny <address> in the INCOMING acl for that ip)