How to deactivate ESMT inspection on CISCO devices

Zuletzt aktualisiert am:
Print
< zurück

The following is an excerpt from the Cisco Knowledge Base:

Note

If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

CiscoASA# config t
CiscoASA(config)# policy-map global_policy
CiscoASA(config-pmap)# class inspection_default
CiscoASA(config-pmap-c)# no inspect esmtp
CiscoASA(config-pmap-c)# exit
CiscoASA(config-pmap)# exit
CiscoASA(config)# exit
CiscoASA# wr me

Note

In ASA version 8.0.3 and later, the allow-tls command is available to allow TLS email with inspect esmtp enabled as shown:

config t
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls action log
exit

policy-map global_policy
class inspection_default
no inspect esmtp
inspect esmtp tls-esmtp
Exit

Tags:
/by