Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Problem with FWSM. Please help.

Problem with FWSM. Please help. 9 years 2 months ago #23371

Hi,

We have a FWSM module in 6513 core switch which acts as the gateway between Vlan's.


We have an exhange server (Microsoft Exchange 2003) in one VLAN and now we face a connectivity problem to this server on port 25 from other VLAN's. The port is open and no restrictions are there from Acces-lists.


When we do a telnet to the server on port 25, we are not able to see the banner which the exchange server returns as response and no response are obtained for the commads we type in as well. Ex: helo, mail from: This email address is being protected from spambots. You need JavaScript enabled to view it., etc.,

Once we telnet to the exchange server on port 25 from a different VLAN we get the below given message

---Output---

220 ****************************************************************************

***********************************************

--end of output---

Where as it works perfectly within the VLAN where the server exists and we get response to the command which we type in. Ex; helo, mil from: This email address is being protected from spambots. You need JavaScript enabled to view it., etc.,


---Output---

220 servername.ourdomain.com Microsoft ESMTP MAIL Service, Version: x.y.wert.yuio ready at Tue, 2 Oct 2007 14:04:34 +0200

--End of Output---

The scenario here is, we have lot of application servers which monitor multiple devices and these application servers sent mail to the exchange server. These application servers are in a different VLAN.

I aint sure what exactly is blocking the return traffic? Someone please advice on this. Thanks.
The administrator has disabled public write access.

Re: Problem with FWSM. Please help. 9 years 2 months ago #23373

The issue has been resolved. The inspect engine for smtp was blocking/dropping the packets. Thanks
The administrator has disabled public write access.

Re: Problem with FWSM. Please help. 9 years 2 months ago #23380

  • skepticals
  • skepticals's Avatar
  • Offline
  • Expert Member
  • Posts: 783
  • Karma: 0
I'm sorry, I should have caught that. I have heard about the SMTP inspection causing problems, but I have not been faced with that at this time.

Does the inspection only happen when traffic goes between VLANs and interfaces?
The administrator has disabled public write access.

Re: Problem with FWSM. Please help. 9 years 2 months ago #23381

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
We turn the SMTP/ESMTP Fixup/Inspect rules off on all our Pix firewalls because it just stops e-mail flow.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Problem with FWSM. Please help. 9 years 2 months ago #23382

  • skepticals
  • skepticals's Avatar
  • Offline
  • Expert Member
  • Posts: 783
  • Karma: 0
Smurf,

Do you have a link to documentation as to the best method of disabling the inspection?
The administrator has disabled public write access.

Re: Problem with FWSM. Please help. 9 years 2 months ago #23383

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
No, just remove the inspect line (or fixup).

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.085 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup