I hadn't set up a new PIX in a while, and the couple of ASA firewalls I have recently set up haven't needed SMTP service till now.
I moved an Exchange 2007 edge server from a DMZ in a PIX to a DMZ in an ASA. Had all of my ducks in a row with routing, firewall rules, etc., so imagine my surprise when the edge server couldn't properly pass SMTP data to the hub and vice versa.
After examining logs on the ASA and Exchange servers and going through the firewall and server configs multiple times, it dawned on me that maybe I was dealing with the fixup protocol again. I had thought that Cisco would have addressed this pesky little problem with the ASA, but alas, no. As soon as I disabled ESMTP from the inspection section, mail started flowing without incident.
If you're using Exchange and Cisco ASAs for the first time, before you get too frustrated with mail not moving between the edge and hub servers, check the fixup protocol.
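The check and the change described above, as an added example rather than the author's own configuration. It assumes the ASA still uses the default policy names `global_policy` and `inspection_default`; substitute your own if they differ.

```cisco
! Added example; assumes the default global_policy / inspection_default names.

! 1. Confirm ESMTP inspection is enabled and where it is applied.
show running-config policy-map
show running-config service-policy

! 2. See whether the inspection engine is actually touching SMTP sessions.
show service-policy inspect esmtp

! 3. Remove ESMTP inspection from the default inspection class.
configure terminal
 policy-map global_policy
  class inspection_default
   no inspect esmtp
 end

! 4. Verify the line is gone, then save.
show running-config policy-map
write memory
```

This turns off ESMTP inspection for all SMTP traffic matched by that class, not only the edge-to-hub flow, so any command filtering the ASA was doing for other mail paths is removed as well.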
Sunday, October 11, 2009
Fixup Protocol