• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco ASA allow smtp traffic to mail server using ASDM

Hello, I recently installed an ASA 5510 on my production network to take advantage of the VPN. I configured it using the startup wizard (VPN Wizard as well). Internet, VPN both work. I switched the gateway for all of my servers over to the ASA except my mail server. I still have the mail server gateway set to the old firewall because I cannot get SMTP traffic to come over the ASA from my antispam provider. As soon as I have them switch to the public IP of the ASA they lose contact with my mail server. I have tried to configure NAT and access rules from other posts on Google but have the packets blocked in packet tracer by the default deny rule. I would like to be able to configure this using ASDM.
1 Solution
Pete Long (Consultant) commented:
To let smtp in you need to port forward port 25 to the mail server

Cisco PIX / ASA Port Forwarding

And to let smtp out see

Cisco ASA - Only Allow Mail Servers SMTP Outbound

As for you not being able to get mail, though, I'm willing to bet you just need to disable esmtp inspection. Ignore the bit I've circled in this diagram: http://www.petenetlive.com/KB/Media/0000312/00001.jpg. In the list below, does yours say inspect esmtp? If so, you need to turn that off :)

Execute these commands:

configure terminal
policy-map global_policy
class inspection_default
no inspect esmtp
write mem

that will sort that out :)


beachbum9 (Author) commented:
Used the exact steps shown on the cmd line config... still no joy... still being blocked by the deny rules according to packet tracer. I attached a copy of the running config...
beachbum9 (Author) commented:
It worked
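
Added example, not part of the original thread: a Python check over a saved running-config for the three things the answer above touches, namely the port 25 forward, an ACL bound inbound on the outside interface that permits SMTP (otherwise packet tracer ends at the implicit deny), and whether `inspect esmtp` is still in `global_policy`. The sample config is constructed; the interface names, addresses and the helper name `audit_smtp_forward` are assumptions, and the patterns cover the pre-8.3 `static` form plus the 8.3+ object NAT form.

```python
import re

# Constructed sample (pre-8.3 syntax); names and addresses are illustrative.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any interface outside eq smtp
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255
access-group outside_access_in in interface outside
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect esmtp
service-policy global_policy global
"""

SMTP = r"(?:smtp|25)"  # the ASA prints port 25 as the keyword 'smtp'


def audit_smtp_forward(config, outside="outside"):
    """Hypothetical helper: report what an inbound SMTP forward depends on."""
    lines = config.splitlines()
    # 1. Port forward: 'static (..) tcp <mapped> smtp <real> smtp' (pre-8.3)
    #    or 'nat (..) static <mapped> service tcp smtp smtp' (8.3+ object NAT).
    fwd = re.compile(
        rf"\s*(?:static \(\w+,{outside}\) tcp \S+ {SMTP} \S+ {SMTP}\b"
        rf"|nat \(\w+,{outside}\) static \S+ service tcp {SMTP} {SMTP}\b)")
    port_forward = any(fwd.match(l) for l in lines)
    # 2. An ACL applied inbound on the outside interface that permits tcp/25;
    #    without one, the implicit deny drops the connection.
    bound = {m.group(1) for l in lines
             if (m := re.match(rf"access-group (\S+) in interface {outside}\b", l))}
    acl_re = re.compile(rf"access-list (\S+) (?:extended )?permit tcp .* eq {SMTP}\b")
    acl_permit = any((m := acl_re.match(l)) and m.group(1) in bound for l in lines)
    # 3. ESMTP inspection still listed inside policy-map global_policy.
    in_policy = esmtp = False
    for l in lines:
        if not l.startswith(" "):  # a column-0 line opens a new config block
            in_policy = l.strip() == "policy-map global_policy"
        elif in_policy and l.strip() == "inspect esmtp":
            esmtp = True
    return {"port_forward": port_forward, "acl_permit": acl_permit,
            "esmtp_inspection": esmtp}


if __name__ == "__main__":
    print(audit_smtp_forward(SAMPLE_CONFIG))
```

A result with `port_forward` or `acl_permit` false matches the packet-tracer symptom described in the question; `esmtp_inspection` true only means the inspection the answer suggests removing is still configured.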
