Avatar of ryanthompson
ryanthompson asked on

Connection problems with Port 25 over a Point to Point VPN Connection

I have a basic network\wan\VPN setup.  An Exchange 2010 server is in our main office.  All remote offices are connected to the main office via a VPN.  Cisco ASA's are used at all locations.  
What we are wanting to do is setup the Scan to Email feature on our LaserJet MFP M525s.  I configure IP and SMTP settings on the LaserJet at a remote office and can ping the email server and vise versa.  But the SMTP settings fail the tests.  I try to telnet to port 25 on the Exchange server and it times out and fails.  I have the same LaserJet at our main office and configure it the same way it works just fine.  I can telnet to port 25 on the exchange server at our main office.  
I'm assuming that this is why SMTP settings fail on the MFP's at the remote sites.  I have checked firewall rules and about everything else I can think of.  I'm hoping someone here has some ideas.  Let me know if more info is needed and I'll get it to you.  

Thanks!
ExchangeVPNHardware Firewalls

Avatar of undefined
Last Comment
Simon Butler (Sembee)

8/22/2022 - Mon
mds-cos

There is nothing inherent to the VPN connection that would interfere with SMTP IP traffic to port 25.  You are definitely on the right track though by doing the telnet test.  Your assumption is correct -- if you cannot establish a connection to port 25 your SMTP setup on the printer will fail.

Does all other traffic across the VPN work?  Can you post your rule set and VPN configs (purged, of course, from IP and username/pw/other secure info)?
ASKER
ryanthompson

All other traffic works.  I can telnet to port 80 and 443 on the email server.  It's just port 25 that is giving me fits.  I'm working on getting the configs.
Simon Butler (Sembee)

That will be the modern equivilent of fixup SMTP. It even causes problems with SMTP traffic.
http://semb.ee/fixupsmtp

You need to get it disabled on the Cisco devices.

Simon.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
ryanthompson

Simon - I stumbled across an article drescribing that.  I disabled it.  ESMTP doesn't show in the "inspect" list in my config.
Simon Butler (Sembee)

You can soon check.
Telnet from the remote site to your Exchange server on port 25. Issue an ehlo command. If anything has xxxx on it, then it is still being blocked.

Simon.
ASKER
ryanthompson

I can't telnet to port 25 on the Exchange server from a remote site.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Simon Butler (Sembee)

That means something is blocking the traffic.
AV, antispam are the usual targets, but I would still point the finger at the Cisco devices. I used to run a Cisco VPN myself and dumped it because it because it was too complex to manage.

Simon.
ASKER
ryanthompson

Simon - I agree.  I've disable the AV software and the windows firewall.  I think it's the Cisco devices.  I just can't figure out why and it's getting frustrating.

Thanks!
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question